pp-prediction-goat

Pass

Audited by Gen Agent Trust Hub on Jun 25, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install a CLI tool using npx -y @mvanhorn/printing-press and go install github.com/mvanhorn/printing-press-library/.... These resources are managed by the vendor (mvanhorn) and are used for the primary functionality of the skill.
  • [COMMAND_EXECUTION]: The skill's primary operation involves executing the prediction-goat-pp-cli binary with various arguments and flags to interact with prediction market APIs and local data.
  • [DATA_EXFILTRATION]: A built-in feature allows command output to be delivered to external sinks via the --deliver webhook:<url> flag. This provides a direct mechanism for routing processed market data to arbitrary HTTP endpoints.
  • [DATA_EXFILTRATION]: The feedback command allows sending data to a configured remote endpoint (PREDICTION_GOAT_FEEDBACK_ENDPOINT), which serves as an additional network communication channel.
  • [PROMPT_INJECTION]: The skill implements an 'Automatic learning' protocol using recall and teach commands. This system retrieves 'notes' and 'playbooks' from local storage and instructs the agent to 'READ Playbook.notes verbatim FIRST'. This creates a significant surface for indirect prompt injection, as data 'taught' to the system in one session (potentially influenced by external market content) can alter the agent's instructions and behavior in subsequent sessions.
      • Ingestion points: Data enters the context via the recall command which returns playbooks and notes stored in a local SQLite database.
      • Boundary markers: The instructions do not define clear delimiters or sanitization steps for the retrieved 'notes' or 'playbook' content.
      • Capability inventory: The agent has the capability to execute shell commands via the CLI binary.
      • Sanitization: There is no mention of escaping or validating the content of 'notes' before the agent is instructed to read them verbatim.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Jun 25, 2026, 02:16 PM