pp-smartlead

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install the necessary CLI tool using npx -y @mvanhorn/printing-press. This fetches and executes code from the NPM registry to set up the environment.
  • [COMMAND_EXECUTION]: The skill makes extensive use of the smartlead-pp-cli binary. It specifically directs the agent to use the --agent flag, which enables non-interactive mode (--yes), allowing the tool to perform actions like deleting campaigns without manual confirmation.
  • [DATA_EXFILTRATION]: The CLI includes a --deliver webhook:<url> feature that allows the output of any command to be POSTed to an external URL. While intended for integration, this provides a pathway for data to be sent outside the local environment.
  • [DATA_EXFILTRATION]: The feedback command is designed to record notes locally but can be configured to automatically transmit them to a remote endpoint if the SMARTLEAD_FEEDBACK_ENDPOINT environment variable is defined.
Audit Metadata
Risk Level
SAFE
Analyzed
May 20, 2026, 11:57 PM
Security Audit — agent-trust-hub — pp-smartlead