pp-marianatek
Warn
Audited by Snyk on May 20, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill explicitly instructs installing and running remote code at runtime (e.g., "go install github.com/mvanhorn/printing-press-library/library/productivity/marianatek/cmd/marianatek-pp-cli@latest" and via "npx -y @mvanhorn/printing-press install marianatek --cli-only"), which fetches and executes third‑party code and is required for the skill to operate, so these external sources are a high-confidence runtime risk.
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill exposes explicit payment and billing endpoints (not just generic API callers). Examples include commands to submit payments and create payment intents ("me reservations-cart-checkout-create — Submit payment for an add-ons cart", "me memberships-renewal-intent-create — Creates ... payment intent"), manage credit cards ("me credit-cards-create", "me credit-cards-update", "me credit-cards-destroy"), and redeem gift cards ("me account-redeem-giftcard-create"). These are direct financial execution actions (processing payments / managing payment methods), so it meets the criteria for Direct Financial Execution.
Issues (2)
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
W009
MEDIUMDirect money access capability detected (payment gateways, crypto, banking).
Audit Metadata