pp-superhuman
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFE
Flags: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of an external binary, superhuman-pp-cli. It provides installation instructions via npx from the @mvanhorn NPM scope and via go install from the mvanhorn GitHub repository. These sources correspond to the stated author and are considered vendor-managed resources.
- [COMMAND_EXECUTION]: The skill relies on the execution of shell commands via the Bash tool to interact with the Superhuman CLI. This is the primary mechanism for the skill's functionality.
- [DATA_EXFILTRATION]: The CLI includes an output delivery feature (--deliver webhook:<url>) that allows the output of any command (which may include sensitive email content) to be POSTed to an external URL. While documented as a feature for automation, it represents a potential vector for data exfiltration if misused.
- [DATA_EXFILTRATION]: The authentication mechanism (auth login --disk) involves reading Chrome's on-disk session data to retrieve refreshable account tokens. This is a sensitive operation necessary for the tool's integration with the email provider.
- [DATA_EXFILTRATION]: The skill includes a feedback mechanism that can optionally send data to a remote endpoint if specific environment variables (SUPERHUMAN_FEEDBACK_ENDPOINT) are configured. By default, this behavior is local-only.
- [DATA_EXFILTRATION]: The skill processes untrusted external data in the form of incoming email content. Because the agent has the capability to write data (sending emails, updating drafts) and perform network operations (webhooks), this creates a surface for indirect prompt injection, where malicious instructions inside an email could influence agent behavior.
Audit Metadata