pp-marianatek

Warn

Audited by Snyk on May 20, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs installing and running remote code at runtime (e.g., "go install github.com/mvanhorn/printing-press-library/library/productivity/marianatek/cmd/marianatek-pp-cli@latest" and via "npx -y @mvanhorn/printing-press install marianatek --cli-only"), which fetches and executes third‑party code and is required for the skill to operate, so these external sources are a high-confidence runtime risk.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The skill exposes explicit payment and billing endpoints (not just generic API callers). Examples include commands to submit payments and create payment intents ("me reservations-cart-checkout-create — Submit payment for an add-ons cart", "me memberships-renewal-intent-create — Creates ... payment intent"), manage credit cards ("me credit-cards-create", "me credit-cards-update", "me credit-cards-destroy"), and redeem gift cards ("me account-redeem-giftcard-create"). These are direct financial execution actions (processing payments / managing payment methods), so it meets the criteria for Direct Financial Execution.

Issues (2)

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

W009
MEDIUM

Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata
Risk Level
MEDIUM
Analyzed
May 20, 2026, 05:19 PM
Issues
2
Security Audit — snyk — pp-marianatek