pp-food52
Warn
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches the CLI and MCP tools from the npm registry and GitHub repositories associated with the vendor.- [REMOTE_CODE_EXECUTION]: Installs and executes binaries from remote sources using
go installandnpxas part of the setup process.- [COMMAND_EXECUTION]: Instructs the agent to perform shell operations for dependency installation, environment configuration, and execution of the recipe management CLI.- [DATA_EXFILTRATION]: The CLI includes a--deliverparameter that supportswebhook:<url>andfile:<path>sinks. This functionality allows an agent to route command results—which could include synchronized recipe data or local pantry information—to arbitrary external webhooks or overwrite local files.
Audit Metadata