pp-ufo-goat
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install the
ufo-goat-pp-cliandufo-goat-pp-mcptools usingnpx(from@mvanhorn/printing-press) andgo install(fromgithub.com/mvanhorn/printing-press-library). These resources are hosted within the vendor's infrastructure as identified in the author context. - [DATA_EXFILTRATION]: The CLI tool provides a
--deliver webhook:<url>flag, which allows the agent to send the results of any command to an arbitrary external URL via HTTP POST. This capability serves as a potential egress point for data exfiltration if the agent is directed to process and send sensitive information. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to search and ingest content from external, declassified document archives which are not under the direct control of the skill author.
- Ingestion points:
ufo-goat-pp-cli syncandufo-goat-pp-cli files search(SKILL.md). - Boundary markers: Not present; the instructions do not provide delimiters or negative constraints to prevent the agent from following instructions embedded in the UFO file metadata or content.
- Capability inventory: The agent can execute shell commands via the CLI, write files using the
--deliver fileflag, and perform network requests via the--deliver webhookflag (SKILL.md). - Sanitization: None; there is no evidence of filtering or validation of the content retrieved from the external archive.
- [COMMAND_EXECUTION]: The skill uses the
Bashtool to execute the CLI tool and installation commands. It also supports a--deliver file:<path>option which allows the agent to write output directly to the local file system.
Audit Metadata