pp-beehiiv

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFE [EXTERNAL_DOWNLOADS] [COMMAND_EXECUTION] [DATA_EXFILTRATION] [PROMPT_INJECTION]
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches and installs the beehiiv-pp-cli tool using npx from the @mvanhorn npm registry and go install from the vendor's GitHub repository.
  • [COMMAND_EXECUTION]: Executes the beehiiv-pp-cli binary to perform administrative tasks such as post management, subscription updates, and webhook configuration. It also utilizes a natural language command resolver (which) to map user intent to specific CLI operations.
  • [DATA_EXFILTRATION]: Features a --deliver webhook:<url> capability that allows command output, which may contain sensitive subscriber emails and publication metadata, to be transmitted to arbitrary external URLs provided at runtime.
  • [CREDENTIALS_UNSAFE]: Provides documentation for managing API access tokens via environment variables or a specific CLI command (auth set-token), which is consistent with standard developer tool practices.
  • [PROMPT_INJECTION]: The skill exposes an attack surface for indirect prompt injection because untrusted user input is passed directly into CLI command arguments.
      • Ingestion points: User-provided strings passed via the $ARGUMENTS variable to the underlying CLI tool.
      • Boundary markers: No delimiters or instructions to ignore embedded commands are present.
      • Capability inventory: Full administrative access to the Beehiiv API, including reading subscriber lists and deleting publication content.
      • Sanitization: No validation or sanitization logic for external input is described in the skill instructions.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 16, 2026, 03:10 AM