pp-beehiiv
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches and installs the
beehiiv-pp-clitool usingnpxfrom the@mvanhornnpm registry andgo installfrom the vendor's GitHub repository. - [COMMAND_EXECUTION]: Executes the
beehiiv-pp-clibinary to perform administrative tasks such as post management, subscription updates, and webhook configuration. It also utilizes a natural language command resolver (which) to map user intent to specific CLI operations. - [DATA_EXFILTRATION]: Features a
--deliver webhook:<url>capability that allows command output, which may contain sensitive subscriber emails and publication metadata, to be transmitted to arbitrary external URLs provided at runtime. - [CREDENTIALS_UNSAFE]: Provides documentation for managing API access tokens via environment variables or a specific CLI command (
auth set-token), which is consistent with standard developer tool practices. - [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by processing untrusted user input directly into CLI command arguments.
- Ingestion points: User-provided strings passed via the
$ARGUMENTSvariable to the underlying CLI tool. - Boundary markers: No delimiters or instructions to ignore embedded commands are present.
- Capability inventory: Full administrative access to the Beehiiv API, including reading subscriber lists and deleting publication content.
- Sanitization: No validation or sanitization logic for external input is described in the skill instructions.
Audit Metadata