pp-alaska-airlines

Pass

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFEDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions to install a command-line interface via npx -y @mvanhorn/printing-press. As the package is within the author's own namespace, it is considered a legitimate dependency for the tool's intended use.\n- [CREDENTIALS_UNSAFE]: The documentation describes an authentication process that extracts cookies from the user's Chrome profile via the macOS keychain. This is a functional requirement for the tool to interact with Alaska Airlines APIs as an authenticated user and is handled by the external binary.\n- [DATA_EXFILTRATION]: The CLI tool includes a feedback mechanism that can optionally send data to a user-configured remote endpoint. This feature is documented, inactive by default, and requires the manual setting of environment variables.\n- [COMMAND_EXECUTION]: The skill guides the agent to run the alaska-airlines-pp-cli binary with various flags to perform legitimate tasks such as flight searches, reward balance checks, and airport lookups.
Audit Metadata
Risk Level
SAFE
Analyzed
May 17, 2026, 11:27 PM
Security Audit — agent-trust-hub — pp-alaska-airlines