pp-offerup

Pass

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONCREDENTIALS_UNSAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to download the offerup-pp-cli and offerup-pp-mcp binaries from the vendor's official GitHub repository (github.com/mvanhorn/printing-press-library) and via NPM (@mvanhorn/printing-press-library).
  • [COMMAND_EXECUTION]: Executes shell commands to perform installation tasks (go install, npx) and to invoke the core CLI functionality for marketplace searches and data processing.
  • [DATA_EXFILTRATION]: Features a --deliver webhook:<url> flag that allows command results to be POSTed to arbitrary external endpoints. Additionally, the feedback command can be configured to automatically transmit data to an external endpoint via the OFFERUP_FEEDBACK_ENDPOINT environment variable.
  • [CREDENTIALS_UNSAFE]: Provides mechanisms for capturing sensitive browser session cookies (auth login --chrome) to enable authenticated access to a user's OfferUp account.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 29, 2026, 08:09 AM
Security Audit — agent-trust-hub — pp-offerup