pp-customer-io

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs the customer-io-pp-cli binary using npx from the @mvanhorn/printing-press package and go install from github.com/mvanhorn/printing-press-library. These resources are provided by the skill's associated vendor.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute the customer-io-pp-cli binary, enabling interaction with the Customer.io API and management of a local SQLite cache.
  • [DATA_EXFILTRATION]: The CLI includes a --deliver webhook:<url> feature and a feedback command that can optionally send data to an external endpoint if environment variables are configured. This functionality allows the agent to transmit command results—potentially containing customer profiles, segment data, or campaign metrics—to external URLs. While a documented feature for output routing, it constitutes a data exfiltration vector if the destination URL is not strictly controlled.
  • [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection (Category 8) through its ingestion of untrusted data.
  • Ingestion points: Data enters the agent's context through the Customer.io API (e.g., campaigns, customers, activities) and local CSV/JSONL files provided via the --from-csv flag in the suppressions bulk add command.
  • Boundary markers: The skill instructions do not specify the use of delimiters or boundary markers to isolate ingested data from the agent's execution instructions.
  • Capability inventory: The skill possesses the capability to execute shell commands via Bash, write to local files, and perform network requests to arbitrary webhooks.
  • Sanitization: There is no evidence of sanitization, validation, or filtering of the ingested external content before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
May 16, 2026, 03:14 AM
Security Audit — agent-trust-hub — pp-customer-io