pp-etherpad

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFE
Flagged categories: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches and installs the etherpad-pp-cli binary from the author's official npm package (@mvanhorn/printing-press) or via go install from the author's GitHub repository (github.com/mvanhorn/printing-press-library).
  • [COMMAND_EXECUTION]: Executes the etherpad-pp-cli tool to interact with Etherpad servers, providing subcommands for managing pads, authors, groups, and sessions.
  • [DATA_EXFILTRATION]: Includes a feature to route command output, which may include pad content or chat history, to an external URL using the --deliver webhook:<url> flag.
  • [PROMPT_INJECTION]: Identifies an indirect prompt injection surface as the skill reads and processes user-generated collaborative content from Etherpad.
      • Ingestion points: Accesses untrusted data via get-text, get-html, get-chat-history, and get-revision-changeset commands in SKILL.md.
      • Boundary markers: No explicit delimiters or instructions are provided to distinguish between Etherpad content and administrative instructions.
      • Capability inventory: The skill can modify or delete pads and exfiltrate data to remote URLs via webhooks.
      • Sanitization: There is no evidence of input validation or content filtering for the data retrieved from Etherpad pads.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 18, 2026, 05:28 PM