pp-airbnb

Warn

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, REMOTE_CODE_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the airbnb-pp-cli tool using npx and go install from repositories owned by the author (github.com/mvanhorn/...). This involves downloading and executing code from external sources during setup.
  • [REMOTE_CODE_EXECUTION]: The use of npx -y @mvanhorn/printing-press directly fetches and executes a package from the npm registry. Similarly, go install downloads and compiles remote source code into executable binaries.
  • [DATA_EXFILTRATION]: The CLI tool features a --deliver webhook:<url> option. This allows the agent to transmit command outputs, which may contain user listing data, wishlist details, or trip plans, to any external server.
  • [DATA_EXFILTRATION]: The feedback command and associated environment variables (AIRBNB_PP_FEEDBACK_AUTO_SEND, AIRBNB_PP_FEEDBACK_ENDPOINT) enable the transmission of local data to remote endpoints.
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands using the Read Bash tool. The direct mapping of user-supplied $ARGUMENTS to command-line parameters without explicit sanitization patterns poses a potential risk of command injection.
  • [CREDENTIALS_UNSAFE]: The tool manages authenticated sessions (cookies) for Airbnb via auth login --chrome, which involves handling sensitive session information locally to access user data like wishlists.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 15, 2026, 11:49 AM