pp-tella
Warn
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill is designed around the execution of the
tella-pp-clibinary using Bash to perform media management and API interactions. - [DATA_EXFILTRATION]: The command-line interface includes a
--deliver webhook:<url>flag that allows the output of any command (such as video transcripts or workspace statistics) to be sent to an arbitrary external URL. - [DATA_EXFILTRATION]: The
feedbackcommand can be configured via environment variables (TELLA_FEEDBACK_ENDPOINT) to automatically send local logs or notes to a remote server. - [CREDENTIALS_UNSAFE]: The skill instructs users to manually extract session cookies from a browser (
TELLA_SESSION_COOKIE) to access 'Unofficial API' features, which encourages unsafe credential management and potentially exposes session tokens. - [EXTERNAL_DOWNLOADS]: The prerequisite setup requires downloading software from external package registries and repositories, specifically an NPM package (
@mvanhorn/printing-press-library) and a Go-based binary from GitHub (github.com/mvanhorn/printing-press-library).
Audit Metadata