pp-gohighlevel

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFE
Flagged categories: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions to download and install a CLI tool using npx -y @mvanhorn/printing-press-library and go install github.com/mvanhorn/printing-press-library/.... These resources are hosted on well-known platforms (npm, GitHub) and originate from the author's own repositories.
  • [COMMAND_EXECUTION]: The skill executes a local binary gohighlevel-pp-cli and various shell commands to perform CRM operations. It requires the Bash tool to function.
  • [DATA_EXFILTRATION]: The tool includes a --deliver webhook:<url> feature that allows the output of any command to be sent to an arbitrary external URL via a POST request. Additionally, the feedback command can be configured to transmit data to a remote endpoint via the GOHIGHLEVEL_FEEDBACK_ENDPOINT environment variable.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8):
      • Ingestion points: The agent processes untrusted data fetched from GoHighLevel, including contact details, emails, SMS messages, and conversation threads in the convo thread and contacts search commands.
      • Boundary markers: None. The skill does not define delimiters or provide instructions to the agent to treat the ingested CRM content as untrusted data.
      • Capability inventory: The skill can execute shell commands, read/write local files (--deliver file:<path>), and perform network operations (GHL API, webhooks).
      • Sanitization: There is no evidence of sanitization or filtering of the content retrieved from the CRM before it is presented to the agent's context.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Jun 23, 2026, 07:10 AM