pp-delta-trip
Warn
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to download and install a CLI tool using 'npx' from the '@mvanhorn/printing-press-library' package and 'go install' from 'github.com/mvanhorn/printing-press-library'. These resources are associated with the skill's author.\n- [DATA_EXFILTRATION]: The CLI tool includes a '--deliver webhook:' flag that enables the agent to send command outputs, which may contain sensitive travel information like confirmation numbers and passenger names, to an external URL.\n- [COMMAND_EXECUTION]: The skill executes the 'delta-trip-pp-cli' binary using shell commands and supports a '--deliver file:' option, allowing results to be written to the local file system.\n- [COMMAND_EXECUTION]: The skill processes user-provided arguments such as flight confirmation numbers and passenger names directly into shell commands, creating a surface for potential argument injection.
Audit Metadata