pp-multimail

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs the multimail-pp-cli tool using npx from the vendor's official @mvanhorn/printing-press npm package and go install from the vendor's repository at github.com/mvanhorn/printing-press-library. These resources are hosted on well-known, trusted registries.
  • [COMMAND_EXECUTION]: The skill executes the multimail-pp-cli binary to perform various email-related tasks, including account management, API key rotation, and audit log retrieval. It also invokes npx, go, and claude commands during the initial setup and configuration phases.
  • [DATA_EXFILTRATION]: The CLI includes a documented --deliver webhook:<url> feature. This capability allows the agent to route the JSON output of any command to an external HTTP endpoint, providing a functional mechanism for data delivery to third-party services.
Audit Metadata
Risk Level
SAFE
Analyzed
May 15, 2026, 02:30 PM
Security Audit — agent-trust-hub — pp-multimail