pp-lemonsqueezy

Pass

Audited by Gen Agent Trust Hub on Jun 28, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires downloading and installing an external CLI binary using either npx -y @mvanhorn/printing-press-library install lemonsqueezy --cli-only or go install github.com/mvanhorn/printing-press-library/library/payments/lemonsqueezy/cmd/lemonsqueezy-pp-cli@latest.
  • [DATA_EXFILTRATION]: The lemonsqueezy-pp-cli tool includes a --deliver webhook:<url> flag. This feature allows the command output—which may contain sensitive financial data, customer emails, and license keys—to be sent to an arbitrary external URL.
  • [COMMAND_EXECUTION]: The skill relies on the Read Bash tool to execute the lemonsqueezy-pp-cli binary with user-supplied or agent-generated arguments.
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface:
  • Ingestion points: The skill ingests data from the Lemon Squeezy API (e.g., customer names, emails, and order metadata) via commands like customers list or orders get.
  • Boundary markers: No explicit delimiters or instructions are provided to the agent to treat API results as untrusted data.
  • Capability inventory: The skill has access to shell execution via Read Bash and file system access.
  • Sanitization: There is no evidence of sanitization or escaping of external content before it is presented to the agent's context.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 28, 2026, 07:27 PM
Security Audit — agent-trust-hub — pp-lemonsqueezy