pp-harris-teeter
Warn
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads and installs CLI tools from the vendor's GitHub repository (
github.com/mvanhorn/printing-press-library) and NPM registry (@mvanhorn/printing-press). - [REMOTE_CODE_EXECUTION]: Uses
npx -yto download and execute an installer script andgo installto download, build, and install binaries from remote sources. - [DATA_EXFILTRATION]: Implements the
auth login --chromecommand which programmatically reads Harris Teeter session cookies directly from the user's local Chrome browser profile to establish an authenticated session. - [DATA_EXFILTRATION]: Provides a
--deliver webhook:<url>feature allowing the agent to POST command results—which may include sensitive account details, preferences, cart contents, and shopping lists—to an arbitrary external URL provided as an argument. - [COMMAND_EXECUTION]: Requires the execution of shell commands via the
bashtool to perform installation, environment verification, and operational tasks using theharris-teeter-pp-clibinary.
Audit Metadata