pp-offerup
Pass
Audited by Gen Agent Trust Hub on Jun 29, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONCREDENTIALS_UNSAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to download the
offerup-pp-cliandofferup-pp-mcpbinaries from the vendor's official GitHub repository (github.com/mvanhorn/printing-press-library) and via NPM (@mvanhorn/printing-press-library). - [COMMAND_EXECUTION]: Executes shell commands to perform installation tasks (
go install,npx) and to invoke the core CLI functionality for marketplace searches and data processing. - [DATA_EXFILTRATION]: Features a
--deliver webhook:<url>flag that allows command results to be POSTed to arbitrary external endpoints. Additionally, thefeedbackcommand can be configured to automatically transmit data to an external endpoint via theOFFERUP_FEEDBACK_ENDPOINTenvironment variable. - [CREDENTIALS_UNSAFE]: Provides mechanisms for capturing sensitive browser session cookies (
auth login --chrome) to enable authenticated access to a user's OfferUp account.
Audit Metadata