Skills
skills/mvanhorn/printing-press-library/pp-contact-goat/Gen Agent Trust Hub

pp-contact-goat

Warn

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches software packages from the author's NPM scope (@mvanhorn/printing-press) and GitHub repository (github.com/mvanhorn/printing-press-library).
  • [REMOTE_CODE_EXECUTION]: The installation process involves executing remote code through npx and compiling Go source code directly from GitHub via go install.
  • [DATA_EXFILTRATION]: The skill accesses sensitive local files and application data to facilitate authentication:
  • It reads the .env file located at ~/.local/deepline/code-deepline-com/.env to discover API keys.
  • It accesses Chrome session cookies to authenticate with the Happenstance web application.
  • [COMMAND_EXECUTION]: The skill invokes the contact-goat-pp-cli binary with user-supplied arguments to perform networking and enrichment tasks.
  • [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks as it ingests and summarizes content from external LinkedIn profiles and enrichment services.
  • Ingestion points: Data returned from LinkedIn, Happenstance, and Deepline API queries.
  • Boundary markers: No specific delimiters or instructions to ignore embedded commands are present in the documentation for handling external content.
  • Capability inventory: The skill has access to shell execution (bash) and file system reading (Read).
  • Sanitization: No sanitization or validation steps are defined for the data retrieved from external enrichment sources.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 8, 2026, 05:09 PM