pp-cal-com
Warn
Audited by Gen Agent Trust Hub on May 22, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install a CLI tool using
npx -y @mvanhorn/printing-pressorgo install github.com/mvanhorn/printing-press-library/library/productivity/cal-com/cmd/cal-com-pp-cli@latest. This downloads and executes code from the vendor's repositories. - [DATA_EXFILTRATION]: The CLI tool supports a
--deliver webhook:<url>flag, which allows the agent to POST command results, potentially containing sensitive calendar or attendee information, to any user-specified URL. - [DATA_EXFILTRATION]: The
feedbackcommand can be configured to send local data to a remote endpoint via theCAL_COM_FEEDBACK_ENDPOINTenvironment variable. - [COMMAND_EXECUTION]: The skill's primary function is to execute shell commands using the
cal-com-pp-clibinary with user-provided arguments.
Audit Metadata