pp-godaddy

Warn

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install a CLI binary from external sources, specifically using npx from an NPM package (@mvanhorn/printing-press-library) and go install from a GitHub repository (github.com/mvanhorn/printing-press-library).
  • [DATA_EXFILTRATION]: The CLI tool supports a --deliver webhook:<url> argument that enables the transmission of command results to arbitrary external URLs. This functionality allows for the potential exfiltration of sensitive information retrieved from GoDaddy APIs, such as certificate details, order history, and account metadata.
  • [PROMPT_INJECTION]: There is a discrepancy in the skill's metadata; the author is listed as 'zaydiscold' in the frontmatter, which is inconsistent with the expected author identity for these resources.
  • [COMMAND_EXECUTION]: The skill's primary function is the execution of shell commands through the godaddy-pp-cli tool to interact with cloud services.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 23, 2026, 10:40 PM
Security Audit — agent-trust-hub — pp-godaddy