pp-stackadapt

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of the stackadapt-pp-cli binary and related components from vendor-controlled sources.
  • Evidence includes installation commands using npx for the @mvanhorn/printing-press-library package and go install for modules hosted at github.com/mvanhorn/printing-press-library.
  • [COMMAND_EXECUTION]: The skill's primary function is the execution of shell commands via the stackadapt-pp-cli tool using the Bash tool to query campaign data and manage local profiles.
  • [DATA_EXFILTRATION]: The tool includes a --deliver webhook:<url> flag which allows the agent to send command output directly to any user-specified URL via HTTP POST, which could be misused to transmit campaign metrics or account details externally.
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it processes data from the external StackAdapt GraphQL API.
  • Ingestion points: External data from campaign reports and delivery logs enters the agent's context through the output of CLI commands described in SKILL.md.
  • Boundary markers: No delimiters or explicit instructions are provided to the agent to treat API output as untrusted data or to ignore embedded instructions.
  • Capability inventory: The agent has access to the Bash tool for local command execution and file system access.
  • Sanitization: There is no evidence of sanitization, filtering, or validation of the data retrieved from the API before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 06:15 AM
Security Audit — agent-trust-hub — pp-stackadapt