pp-booking-com

Warn

Audited by Gen Agent Trust Hub on Jun 21, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, CREDENTIALS_UNSAFE)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to download and install a custom binary (booking-com-pp-cli) using npx from @mvanhorn/printing-press-library or go install from github.com/mvanhorn/printing-press-library. These resources are hosted on non-standard, personal infrastructure managed by the skill's author.
  • [COMMAND_EXECUTION]: The skill parses user input via $ARGUMENTS and interpolates it directly into shell commands: booking-com-pp-cli <command> [subcommand] [args] --agent. There is no evidence of sanitization or boundary markers, creating a risk that malicious user input could lead to command injection.
  • [DATA_EXFILTRATION]: The CLI includes a --deliver webhook:<url> feature that allows the agent to POST command outputs (containing sensitive travel data) to arbitrary external URLs. This functionality provides a direct mechanism for data exfiltration if the agent is directed to use an attacker-controlled endpoint.
  • [CREDENTIALS_UNSAFE]: The skill provides instructions for importing active session cookies from the user's Chrome browser (booking-com-pp-cli auth login --chrome). While this enables authenticated access to Booking.com, it involves harvesting and locally storing sensitive authentication material.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Jun 21, 2026, 11:17 AM