pp-blacklane

Warn

Audited by Gen Agent Trust Hub on Jun 30, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [DATA_EXFILTRATION]: The CLI includes a --deliver webhook:<url> feature that allows the agent to send command output (potentially including personal ride history or account details) to arbitrary external URLs.
  • [DATA_EXFILTRATION]: The auth login --chrome command accesses the user's Chrome local storage to retrieve authentication tokens, while pbpaste is used to ingest data from the system clipboard.
  • [COMMAND_EXECUTION]: The skill requires the agent to execute shell commands for tool installation, configuration, and operation.
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of third-party software from npm and GitHub associated with the author.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 30, 2026, 08:59 PM
Security Audit — agent-trust-hub — pp-blacklane