suprsend-cli
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFECREDENTIALS_UNSAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The CLI manages authentication via service tokens, which are stored in a local configuration file at
~/.suprsend.yaml. Thesuprsend profilesubcommands are specifically designed to store and modify these sensitive credentials. - [DATA_EXFILTRATION]: Multiple commands, such as
suprsend workflow pushandsuprsend category push, transmit local configuration and asset data to SuprSend's external APIs (hub.suprsend.com and management-api.suprsend.com). - [COMMAND_EXECUTION]: The skill documents the generation and execution of shell completion scripts and type definition generators for various programming languages, which are used to integrate the tool into local development environments.
- [PROMPT_INJECTION]: The
suprsend start-mcp-servercommand facilitates AI agent interaction with SuprSend resources, creating a potential surface for indirect prompt injection. - Ingestion points: Data retrieved from the SuprSend workspace (e.g., notification templates, event schemas, documentation) via MCP tools like
documentation.fetchorworkflow.get. - Boundary markers: The documentation does not indicate the use of specific delimiters or instructions to prevent the agent from obeying instructions embedded in the retrieved data.
- Capability inventory: The CLI has the ability to pull and push workspace assets, manage user profiles, and generate executable code snippets.
- Sanitization: There is no documented sanitization process for data fetched from the remote service before it is provided to the agent.
Audit Metadata