pp-stackadapt
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of the `stackadapt-pp-cli` binary and related components from vendor-controlled sources.
  - Evidence includes installation commands using `npx` for the `@mvanhorn/printing-press-library` package and `go install` for modules hosted at `github.com/mvanhorn/printing-press-library`.
- [COMMAND_EXECUTION]: The skill's primary function is the execution of shell commands via the `stackadapt-pp-cli` tool using the `Bash` tool to query campaign data and manage local profiles.
- [DATA_EXFILTRATION]: The tool includes a `--deliver webhook:<url>` flag which allows the agent to send command output directly to any user-specified URL via HTTP POST, which could be misused to transmit campaign metrics or account details externally.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it processes data from the external StackAdapt GraphQL API.
  - Ingestion points: External data from campaign reports and delivery logs enters the agent's context through the output of CLI commands described in `SKILL.md`.
  - Boundary markers: No delimiters or explicit instructions are provided to the agent to treat API output as untrusted data or to ignore embedded instructions.
  - Capability inventory: The agent has access to the `Bash` tool for local command execution and file system access.
  - Sanitization: There is no evidence of sanitization, filtering, or validation of the data retrieved from the API before it is processed by the agent.
Audit Metadata