pp-prediction-goat
Pass
Audited by Gen Agent Trust Hub on Jun 25, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install a CLI tool using `npx -y @mvanhorn/printing-press` and `go install github.com/mvanhorn/printing-press-library/...`. These resources are managed by the vendor (mvanhorn) and are used for the primary functionality of the skill.
- [COMMAND_EXECUTION]: The skill's primary operation involves executing the `prediction-goat-pp-cli` binary with various arguments and flags to interact with prediction market APIs and local data.
- [DATA_EXFILTRATION]: A built-in feature allows command output to be delivered to external sinks via the `--deliver webhook:<url>` flag. This provides a direct mechanism for routing processed market data to arbitrary HTTP endpoints.
- [DATA_EXFILTRATION]: The `feedback` command allows sending data to a configured remote endpoint (`PREDICTION_GOAT_FEEDBACK_ENDPOINT`), which serves as an additional network communication channel.
- [PROMPT_INJECTION]: The skill implements an 'Automatic learning' protocol using `recall` and `teach` commands. This system retrieves 'notes' and 'playbooks' from local storage and instructs the agent to 'READ Playbook.notes verbatim FIRST'. This creates a significant surface for indirect prompt injection, as data 'taught' to the system in one session (potentially influenced by external market content) can alter the agent's instructions and behavior in subsequent sessions.
  - Ingestion points: Data enters the context via the `recall` command which returns playbooks and notes stored in a local SQLite database.
  - Boundary markers: The instructions do not define clear delimiters or sanitization steps for the retrieved 'notes' or 'playbook' content.
  - Capability inventory: The agent has the capability to execute shell commands via the CLI binary.
  - Sanitization: There is no mention of escaping or validating the content of 'notes' before the agent is instructed to read them verbatim.
Audit Metadata