pp-podcast-goat
Warn
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of a CLI binary using
npx -y @mvanhorn/printing-pressorgo install github.com/mvanhorn/printing-press-library/.... These commands download and execute code from external registries and repositories. - [DATA_EXFILTRATION]: The skill includes a
--deliver webhook:<url>feature that allows the output of any command to be sent to an arbitrary external URL via HTTP POST. Additionally, theauth login-servicecommand is designed to extract browser cookies from the local system, which are sensitive authentication credentials. - [COMMAND_EXECUTION]: The skill relies on the
Bashtool to execute subcommands of thepodcast-goat-pp-clibinary. This binary has the capability to read/write files and perform network operations. - [PROMPT_INJECTION]: The skill contains a surface for indirect prompt injection.
- Ingestion points: The skill fetches long-form transcripts from external, untrusted sources such as YouTube, Substack, and RSS feeds as described in
SKILL.md. - Boundary markers: There are no instructions provided to the agent to use delimiters or to ignore potential instructions embedded within the fetched transcripts.
- Capability inventory: The skill has access to the
Bashtool, can write to the local filesystem using the--outflag, and can perform network exfiltration via the--deliver webhooksink. - Sanitization: There is no evidence of sanitization or validation of the transcript content before it is processed by the agent.
Audit Metadata