pp-wanderlust-goat
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the
wanderlust-goat-pp-cliand an MCP server from external sources. - Installation via
npxfrom@mvanhorn/printing-presson npm. - Installation via
go installfromgithub.com/mvanhorn/printing-press-libraryon GitHub. - [COMMAND_EXECUTION]: The skill's primary function is to execute shell commands using the
Bashtool to interact with thewanderlust-goat-pp-clibinary. This involves multiple subcommands for geographic data processing and local research. - [DATA_EXFILTRATION]: The CLI tool supports a
--deliver webhook:<url>flag which allows the output of any command to be sent to an arbitrary external URL via an HTTP POST request. This capability allows the agent to send research results or command outputs to external endpoints. - [PROMPT_INJECTION]: The skill processes data from various untrusted external sources, including Reddit quotes, Wikipedia entries, and Atlas Obscura data, which are then presented to the agent. This represents an indirect prompt injection surface.
- Ingestion points: Data is aggregated from multiple external web APIs and editorial sources in
SKILL.md. - Boundary markers: Absent. The instructions do not define delimiters or provide warnings to the agent to ignore instructions embedded in the processed data.
- Capability inventory: The skill has access to the
Bashtool and can perform file system writes and network operations via the CLI. - Sanitization: Absent. There is no mention of sanitizing or filtering the content retrieved from external sources before it is processed by the agent.
Audit Metadata