pp-sendgrid
Pass
Audited by Gen Agent Trust Hub on May 23, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install a CLI tool using 'npx -y @mvanhorn/printing-press'. This command downloads and executes code from a package repository managed by the skill's author.
- [COMMAND_EXECUTION]: The skill uses the 'Bash' tool to execute various SendGrid management commands, including high-privilege operations such as creating API keys, managing IP allow lists, and sending transactional emails.
- [DATA_EXFILTRATION]: The CLI tool supports a '--deliver webhook:' flag, which allows the agent to automatically POST command results (potentially containing sensitive configuration or account data) to arbitrary external URLs.
- [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection (Category 8).
  - Ingestion points: The agent processes data retrieved from the SendGrid API, including email templates and activity logs, which could contain malicious instructions from external parties.
  - Boundary markers: No explicit delimiters or instructions are provided to the agent to ignore instructions embedded in the external data.
  - Capability inventory: The skill has powerful capabilities through the 'Bash' tool, including account modification, email transmission, and data exfiltration via webhooks.
  - Sanitization: No sanitization or validation of the data retrieved from the SendGrid API is described before it is incorporated into the agent context.
Audit Metadata