pp-exchangerate-api

Warn

Audited by Gen Agent Trust Hub on Jun 21, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONREMOTE_CODE_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions to install the exchangerate-api-pp-cli tool using npx from @mvanhorn/printing-press-library or go install from github.com/mvanhorn/printing-press-library. These are vendor-owned resources.
  • [REMOTE_CODE_EXECUTION]: The installation methods involve downloading and executing binaries and scripts from the vendor's GitHub repository and the npm registry.
  • [DATA_EXFILTRATION]: The CLI tool supports a --deliver webhook:<url> parameter, which allows any command output to be sent to an arbitrary external URL via an HTTP POST request.
  • [DATA_EXFILTRATION]: The skill includes a feedback command that can be configured to automatically exfiltrate local interaction logs to a remote endpoint if specific environment variables are set.
  • [COMMAND_EXECUTION]: The skill's primary operation involves executing shell commands to interact with the installed exchange rate CLI tool.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 21, 2026, 11:17 AM
Security Audit — agent-trust-hub — pp-exchangerate-api