pp-godaddy
Warn
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install a CLI binary from external sources, specifically using
npxfrom an NPM package (@mvanhorn/printing-press-library) andgo installfrom a GitHub repository (github.com/mvanhorn/printing-press-library). - [DATA_EXFILTRATION]: The CLI tool supports a
--deliver webhook:<url>argument that enables the transmission of command results to arbitrary external URLs. This functionality allows for the potential exfiltration of sensitive information retrieved from GoDaddy APIs, such as certificate details, order history, and account metadata. - [PROMPT_INJECTION]: There is a discrepancy in the skill's metadata; the author is listed as 'zaydiscold' in the frontmatter, which is inconsistent with the expected author identity for these resources.
- [COMMAND_EXECUTION]: The skill's primary function is the execution of shell commands through the
godaddy-pp-clitool to interact with cloud services.
Audit Metadata