pp-ht-ml

Pass

Audited by Gen Agent Trust Hub on Jun 27, 2026

Risk Level: SAFE
Flags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, CREDENTIALS_UNSAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs a binary directly from the vendor's GitHub repository using go install and npx. These resources (github.com/mvanhorn/* and @mvanhorn/*) are consistent with the provided vendor context.
  • [COMMAND_EXECUTION]: The skill relies on the execution of the ht-ml-pp-cli binary to perform its primary functions, including publishing and site management.
  • [DATA_EXFILTRATION]: The CLI includes a documented --deliver webhook:<url> feature that allows the output of any command to be POSTed to an external URL. This is a functional feature of the tool but could be a vector for data exfiltration if an agent is instructed to send sensitive site data or registry keys to an untrusted endpoint.
  • [CREDENTIALS_UNSAFE]: The skill manages site-specific 'update keys' which are stored in a local SQLite database and a credentials.toml file. The keys export command allows these secrets to be retrieved, which is a necessary function for disaster recovery but represents a sensitive data access point.
  • [PROMPT_INJECTION]: Indirect Prompt Injection Risk:
      • Ingestion points: The republish, scan, and assets sync commands in SKILL.md read and process local HTML files provided by the user or project environment.
      • Boundary markers: Absent; there are no specific delimiters or instructions for the agent to ignore potentially malicious embedded content within the HTML being processed.
      • Capability inventory: The skill executes shell commands via the ht-ml-pp-cli binary, which performs network requests to ht-ml.app and arbitrary webhooks, and writes to the local file system.
      • Sanitization: The skill includes a dedicated scan command designed to detect leaked secrets and PII within HTML files before they are published, providing a layer of protection against accidental data exposure.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 27, 2026, 09:48 PM
Security Audit — agent-trust-hub — pp-ht-ml