pp-tella

Warn

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill is designed around the execution of the tella-pp-cli binary using Bash to perform media management and API interactions.
  • [DATA_EXFILTRATION]: The command-line interface includes a --deliver webhook:<url> flag that allows the output of any command (such as video transcripts or workspace statistics) to be sent to an arbitrary external URL.
  • [DATA_EXFILTRATION]: The feedback command can be configured via environment variables (TELLA_FEEDBACK_ENDPOINT) to automatically send local logs or notes to a remote server.
  • [CREDENTIALS_UNSAFE]: The skill instructs users to manually extract session cookies from a browser (TELLA_SESSION_COOKIE) to access 'Unofficial API' features, which encourages unsafe credential management and potentially exposes session tokens.
  • [EXTERNAL_DOWNLOADS]: The prerequisite setup requires downloading software from external package registries and repositories, specifically an NPM package (@mvanhorn/printing-press-library) and a Go-based binary from GitHub (github.com/mvanhorn/printing-press-library).
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 20, 2026, 01:56 PM
Security Audit — agent-trust-hub — pp-tella