pp-podcast-goat

Warn

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of a CLI binary using npx -y @mvanhorn/printing-press or go install github.com/mvanhorn/printing-press-library/.... These commands download and execute code from external registries and repositories.
  • [DATA_EXFILTRATION]: The skill includes a --deliver webhook:<url> feature that allows the output of any command to be sent to an arbitrary external URL via HTTP POST. Additionally, the auth login-service command is designed to extract browser cookies from the local system, which are sensitive authentication credentials.
  • [COMMAND_EXECUTION]: The skill relies on the Bash tool to execute subcommands of the podcast-goat-pp-cli binary. This binary has the capability to read/write files and perform network operations.
  • [PROMPT_INJECTION]: The skill contains a surface for indirect prompt injection.
  • Ingestion points: The skill fetches long-form transcripts from external, untrusted sources such as YouTube, Substack, and RSS feeds as described in SKILL.md.
  • Boundary markers: There are no instructions provided to the agent to use delimiters or to ignore potential instructions embedded within the fetched transcripts.
  • Capability inventory: The skill has access to the Bash tool, can write to the local filesystem using the --out flag, and can perform network exfiltration via the --deliver webhook sink.
  • Sanitization: There is no evidence of sanitization or validation of the transcript content before it is processed by the agent.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 20, 2026, 02:29 AM
Security Audit — agent-trust-hub — pp-podcast-goat