pp-booking-com
Warn
Audited by Gen Agent Trust Hub on Jun 21, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, CREDENTIALS_UNSAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to download and install a custom binary (`booking-com-pp-cli`) using `npx` from `@mvanhorn/printing-press-library` or `go install` from `github.com/mvanhorn/printing-press-library`. These resources are hosted on non-standard, personal infrastructure managed by the skill's author.
- [COMMAND_EXECUTION]: The skill parses user input via `$ARGUMENTS` and interpolates it directly into shell commands: `booking-com-pp-cli <command> [subcommand] [args] --agent`. There is no evidence of sanitization or boundary markers, creating a risk that malicious user input could lead to command injection.
- [DATA_EXFILTRATION]: The CLI includes a `--deliver webhook:<url>` feature that allows the agent to POST command outputs (containing sensitive travel data) to arbitrary external URLs. This functionality provides a direct mechanism for data exfiltration if the agent is directed to use an attacker-controlled endpoint.
- [CREDENTIALS_UNSAFE]: The skill provides instructions for importing active session cookies from the user's Chrome browser (`booking-com-pp-cli auth login --chrome`). While this enables authenticated access to Booking.com, it involves harvesting and locally storing sensitive authentication material.