pp-etherpad
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches and installs the `etherpad-pp-cli` binary from the author's official npm package (`@mvanhorn/printing-press`) or via `go install` from the author's GitHub repository (`github.com/mvanhorn/printing-press-library`).
- [COMMAND_EXECUTION]: Executes the `etherpad-pp-cli` tool to interact with Etherpad servers, providing subcommands for managing pads, authors, groups, and sessions.
- [DATA_EXFILTRATION]: Includes a feature to route command output, which may include pad content or chat history, to an external URL using the `--deliver webhook:<url>` flag.
- [PROMPT_INJECTION]: Identifies an indirect prompt injection surface as the skill reads and processes user-generated collaborative content from Etherpad.
  - Ingestion points: Accesses untrusted data via `get-text`, `get-html`, `get-chat-history`, and `get-revision-changeset` commands in `SKILL.md`.
  - Boundary markers: No explicit delimiters or instructions are provided to distinguish between Etherpad content and administrative instructions.
  - Capability inventory: The skill can modify or delete pads and exfiltrate data to remote URLs via webhooks.
  - Sanitization: There is no evidence of input validation or content filtering for the data retrieved from Etherpad pads.
Audit Metadata