pp-sendgrid

Pass

Audited by Gen Agent Trust Hub on May 23, 2026

Risk Level: SAFE
Categories: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install a CLI tool using 'npx -y @mvanhorn/printing-press'. This command downloads and executes code from a package repository managed by the skill's author.
  • [COMMAND_EXECUTION]: The skill uses the 'Bash' tool to execute various SendGrid management commands, including high-privilege operations such as creating API keys, managing IP allow lists, and sending transactional emails.
  • [DATA_EXFILTRATION]: The CLI tool supports a '--deliver webhook:' flag, which allows the agent to automatically POST command results (potentially containing sensitive configuration or account data) to arbitrary external URLs.
  • [PROMPT_INJECTION]: The skill possesses an attack surface for indirect prompt injection (Category 8).
      • Ingestion points: The agent processes data retrieved from the SendGrid API, including email templates and activity logs, which could contain malicious instructions from external parties.
      • Boundary markers: No explicit delimiters or instructions are provided to the agent to ignore instructions embedded in the external data.
      • Capability inventory: The skill has powerful capabilities through the 'Bash' tool, including account modification, email transmission, and data exfiltration via webhooks.
      • Sanitization: No sanitization or validation of the data retrieved from the SendGrid API is described before it is incorporated into the agent context.
Audit Metadata
Risk Level: SAFE
Analyzed: May 23, 2026, 04:26 AM
Security Audit — agent-trust-hub — pp-sendgrid