pp-lemonsqueezy
Pass
Audited by Gen Agent Trust Hub on Jun 28, 2026
Risk Level: SAFE
Flags: EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires downloading and installing an external CLI binary using either "npx -y @mvanhorn/printing-press-library install lemonsqueezy --cli-only" or "go install github.com/mvanhorn/printing-press-library/library/payments/lemonsqueezy/cmd/lemonsqueezy-pp-cli@latest".
- [DATA_EXFILTRATION]: The lemonsqueezy-pp-cli tool includes a "--deliver webhook:<url>" flag. This feature allows the command output (which may contain sensitive financial data, customer emails, and license keys) to be sent to an arbitrary external URL.
- [COMMAND_EXECUTION]: The skill relies on the Read and Bash tools to execute the lemonsqueezy-pp-cli binary with user-supplied or agent-generated arguments.
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface:
  - Ingestion points: The skill ingests data from the Lemon Squeezy API (e.g., customer names, emails, and order metadata) via commands like "customers list" or "orders get".
  - Boundary markers: No explicit delimiters or instructions are provided to the agent to treat API results as untrusted data.
  - Capability inventory: The skill has access to shell execution via the Read and Bash tools, and to the file system.
  - Sanitization: There is no evidence of sanitization or escaping of external content before it is presented to the agent's context.
Audit Metadata