pp-uk-train-goat

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs its core functionality using npx -y @mvanhorn/printing-press-library. This fetches and executes the installation logic from the vendor's package repository.
  • [DATA_EXFILTRATION]: The CLI tool includes a --deliver webhook:<url> feature and a UK_TRAIN_GOAT_FEEDBACK_ENDPOINT environment variable setting. These capabilities allow the tool to POST data directly to arbitrary remote servers, which could be leveraged for data exfiltration.
  • [COMMAND_EXECUTION]: The skill executes the uk-train-goat-pp-cli binary to perform its tasks, including an eval subcommand that runs an agent evaluation suite.
  • [PROMPT_INJECTION]: The skill processes live data from the National Rail OpenLDBWS API and user-provided search terms, creating a potential surface for indirect prompt injection.
  • Ingestion points: Rail service data, delay reasons, and station search results fetched from the National Rail API.
  • Boundary markers: The skill does not define specific delimiters to separate untrusted API data from the agent's instructions.
  • Capability inventory: Subprocess execution (uk-train-goat-pp-cli), file system writes (--deliver file:), and network data transmission (--deliver webhook:).
  • Sanitization: No explicit sanitization or validation of the external API content is documented before processing.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 20, 2026, 11:30 AM
Security Audit — agent-trust-hub — pp-uk-train-goat