pp-uk-train-goat
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs its core functionality using `npx -y @mvanhorn/printing-press-library`. This fetches and executes the installation logic from the vendor's package repository.
- [DATA_EXFILTRATION]: The CLI tool includes a `--deliver webhook:<url>` feature and a `UK_TRAIN_GOAT_FEEDBACK_ENDPOINT` environment variable setting. These capabilities allow the tool to POST data directly to arbitrary remote servers, which could be leveraged for data exfiltration.
- [COMMAND_EXECUTION]: The skill executes the `uk-train-goat-pp-cli` binary to perform its tasks, including an `eval` subcommand that runs an agent evaluation suite.
- [PROMPT_INJECTION]: The skill processes live data from the National Rail OpenLDBWS API and user-provided search terms, creating a potential surface for indirect prompt injection.
  - Ingestion points: Rail service data, delay reasons, and station search results fetched from the National Rail API.
  - Boundary markers: The skill does not define specific delimiters to separate untrusted API data from the agent's instructions.
  - Capability inventory: Subprocess execution (`uk-train-goat-pp-cli`), file system writes (`--deliver file:`), and network data transmission (`--deliver webhook:`).
  - Sanitization: No explicit sanitization or validation of the external API content is documented before processing.
Audit Metadata