pp-superhuman

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of an external binary superhuman-pp-cli. It provides installation instructions via npx from the @mvanhorn NPM scope and go install from the mvanhorn GitHub repository. These sources correspond to the stated author and are considered vendor-managed resources.
  • [COMMAND_EXECUTION]: The skill relies on the execution of shell commands via the Bash tool to interact with the Superhuman CLI. This is the primary mechanism for the skill's functionality.
  • [DATA_EXFILTRATION]: The CLI includes an output delivery feature (--deliver webhook:<url>) that allows the output of any command (which may include sensitive email content) to be POSTed to an external URL. While documented as a feature for automation, it represents a potential vector for data exfiltration if misused.
  • [DATA_EXFILTRATION]: The authentication mechanism (auth login --disk) involves reading Chrome's on-disk session data to retrieve refreshable account tokens. This is a sensitive operation necessary for the tool's integration with the email provider.
  • [DATA_EXFILTRATION]: The skill includes a feedback mechanism that can optionally send data to a remote endpoint if specific environment variables (SUPERHUMAN_FEEDBACK_ENDPOINT) are configured. By default, this behavior is local-only.
  • [DATA_EXFILTRATION]: The skill processes untrusted external data in the form of incoming email content. Because the agent has the capability to write data (sending emails, updating drafts) and perform network operations (webhooks), this creates a surface for indirect prompt injection where malicious instructions inside an email could influence agent behavior.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 17, 2026, 03:52 AM
Security Audit — agent-trust-hub — pp-superhuman