pp-gohighlevel
Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to download and install a CLI tool using `npx -y @mvanhorn/printing-press-library` and `go install github.com/mvanhorn/printing-press-library/...`. These resources are hosted on well-known platforms (npm, GitHub) and originate from the author's own repositories.
- [COMMAND_EXECUTION]: The skill executes a local binary `gohighlevel-pp-cli` and various shell commands to perform CRM operations. It requires the `Bash` tool to function.
- [DATA_EXFILTRATION]: The tool includes a `--deliver webhook:<url>` feature that allows the output of any command to be sent to an arbitrary external URL via a POST request. Additionally, the `feedback` command can be configured to transmit data to a remote endpoint via the `GOHIGHLEVEL_FEEDBACK_ENDPOINT` environment variable.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8):
  - Ingestion points: The agent processes untrusted data fetched from GoHighLevel, including contact details, emails, SMS messages, and conversation threads in the `convo thread` and `contacts search` commands.
  - Boundary markers: None. The skill does not define delimiters or provide instructions to the agent to treat the ingested CRM content as untrusted data.
  - Capability inventory: The skill can execute shell commands, read/write local files (`--deliver file:<path>`), and perform network operations (GHL API, webhooks).
  - Sanitization: There is no evidence of sanitization or filtering of the content retrieved from the CRM before it is presented to the agent's context.
Audit Metadata