pp-ht-ml
Pass
Audited by Gen Agent Trust Hub on Jun 27, 2026
Risk Level: SAFE
Flags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, CREDENTIALS_UNSAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs a binary directly from the vendor's GitHub repository using `go install` and `npx`. These resources (github.com/mvanhorn/* and @mvanhorn/*) are consistent with the provided vendor context.
- [COMMAND_EXECUTION]: The skill relies on the execution of the `ht-ml-pp-cli` binary to perform its primary functions, including publishing and site management.
- [DATA_EXFILTRATION]: The CLI includes a documented `--deliver webhook:<url>` feature that allows the output of any command to be POSTed to an external URL. This is a functional feature of the tool but could be a vector for data exfiltration if an agent is instructed to send sensitive site data or registry keys to an untrusted endpoint.
- [CREDENTIALS_UNSAFE]: The skill manages site-specific 'update keys' which are stored in a local SQLite database and a `credentials.toml` file. The `keys export` command allows these secrets to be retrieved, which is a necessary function for disaster recovery but represents a sensitive data access point.
- [PROMPT_INJECTION]: Indirect Prompt Injection Risk:
  - Ingestion points: The `republish`, `scan`, and `assets sync` commands in `SKILL.md` read and process local HTML files provided by the user or project environment.
  - Boundary markers: Absent; there are no specific delimiters or instructions for the agent to ignore potentially malicious embedded content within the HTML being processed.
  - Capability inventory: The skill executes shell commands via the `ht-ml-pp-cli` binary, which performs network requests to `ht-ml.app` and arbitrary webhooks, and writes to the local file system.
  - Sanitization: The skill includes a dedicated `scan` command designed to detect leaked secrets and PII within HTML files before they are published, providing a layer of protection against accidental data exposure.
Audit Metadata