pp-food52

Warn

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches the CLI and MCP tools from the npm registry and GitHub repositories associated with the vendor.- [REMOTE_CODE_EXECUTION]: Installs and executes binaries from remote sources using go install and npx as part of the setup process.- [COMMAND_EXECUTION]: Instructs the agent to perform shell operations for dependency installation, environment configuration, and execution of the recipe management CLI.- [DATA_EXFILTRATION]: The CLI includes a --deliver parameter that supports webhook:<url> and file:<path> sinks. This functionality allows an agent to route command results—which could include synchronized recipe data or local pantry information—to arbitrary external webhooks or overwrite local files.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 15, 2026, 05:31 PM
Security Audit — agent-trust-hub — pp-food52