pp-smartlead
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install the necessary CLI tool using
npx -y @mvanhorn/printing-press. This fetches and executes code from the NPM registry to set up the environment. - [COMMAND_EXECUTION]: The skill makes extensive use of the
smartlead-pp-clibinary. It specifically directs the agent to use the--agentflag, which enables non-interactive mode (--yes), allowing the tool to perform actions like deleting campaigns without manual confirmation. - [DATA_EXFILTRATION]: The CLI includes a
--deliver webhook:<url>feature that allows the output of any command to be POSTed to an external URL. While intended for integration, this provides a pathway for data to be sent outside the local environment. - [DATA_EXFILTRATION]: The
feedbackcommand is designed to record notes locally but can be configured to automatically transmit them to a remote endpoint if theSMARTLEAD_FEEDBACK_ENDPOINTenvironment variable is defined.
Audit Metadata