pp-movie-goat
Pass
Audited by Gen Agent Trust Hub on May 23, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches and installs the `movie-goat-pp-cli` tool from the author's GitHub repository and NPM registry using `go install` and `npx` during the setup process.
- [COMMAND_EXECUTION]: The skill requires the execution of the custom `movie-goat-pp-cli` binary via shell commands to interact with movie and person data.
- [DATA_EXFILTRATION]: The tool includes a `--deliver webhook:<url>` flag that allows the agent to POST command results to an external URL. This creates a potential channel for data exfiltration if the agent is directed to process sensitive information or route data to an untrusted endpoint.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface where external data is ingested and processed alongside agent instructions.
  - Ingestion points: Untrusted data enters the context through command arguments for movie titles, actor names, and natural language queries passed to the `which` command.
  - Boundary markers: The skill does not define explicit boundary markers or delimiters to isolate processed data from instructions.
  - Capability inventory: The skill can execute shell commands, write to the local file system using the `--deliver file:` flag, and send data to external URLs via the `--deliver webhook:` flag.
  - Sanitization: There is no mention of sanitization or validation of external input before it is utilized by the CLI tool.
Audit Metadata