pp-table-reservation-goat
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
table-reservation-goat-pp-clivianpx -y @mvanhorn/printing-press. This fetches and executes an installer from the npm registry. - [COMMAND_EXECUTION]: All core functionalities are implemented by executing the
table-reservation-goat-pp-clibinary via the bash shell. - [DATA_EXFILTRATION]: The skill includes a
--deliver webhook:<url>feature that allows the agent to POST command output to an external URL. It also provides anauth login --chromecommand to import authentication cookies from the user's browser, which is sensitive data handling consistent with its purpose. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from external sources.
- Ingestion points: Data retrieved from OpenTable and Tock (restaurant names, descriptions, and attributes) via the
goat,restaurants list, andavailability checkcommands. - Boundary markers: Absent. The skill does not provide instructions or delimiters to help the agent distinguish between data and potential embedded instructions.
- Capability inventory: The agent has access to the
Read Bashtool and the CLI binary, allowing for complex command chains and network operations. - Sanitization: Absent. No evidence of content validation or escaping is present for the data retrieved from external reservation networks.
Audit Metadata