pp-cal-com

Warn

Audited by Gen Agent Trust Hub on May 22, 2026

Risk Level: MEDIUM | EXTERNAL_DOWNLOADS | DATA_EXFILTRATION | COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install a CLI tool using npx -y @mvanhorn/printing-press or go install github.com/mvanhorn/printing-press-library/library/productivity/cal-com/cmd/cal-com-pp-cli@latest. This downloads and executes code from the vendor's repositories.
  • [DATA_EXFILTRATION]: The CLI tool supports a --deliver webhook:<url> flag, which allows the agent to POST command results, potentially containing sensitive calendar or attendee information, to any user-specified URL.
  • [DATA_EXFILTRATION]: The feedback command can be configured to send local data to a remote endpoint via the CAL_COM_FEEDBACK_ENDPOINT environment variable.
  • [COMMAND_EXECUTION]: The skill's primary function is to execute shell commands using the cal-com-pp-cli binary with user-provided arguments.
Audit Metadata
  Risk Level: MEDIUM
  Analyzed: May 22, 2026, 09:38 PM
Security Audit — agent-trust-hub — pp-cal-com