pp-pointhound

Pass

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of the pointhound-pp-cli from vendor-controlled sources. Evidence includes installation commands referencing the @mvanhorn scope on npm and the mvanhorn repository on GitHub.
  • [COMMAND_EXECUTION]: The skill's primary function is to wrap and execute the pointhound-pp-cli binary to perform flight search and data analysis tasks.
  • [DATA_EXPOSURE_AND_EXFILTRATION]: The CLI tool includes functionality to deliver search results to external webhook URLs or local files via the --deliver flag. This is documented as a feature for automation and data routing.
  • [CREDENTIALS_UNSAFE]: The tool implements an authentication mechanism that reads session cookies (cf_clearance and ph_session) directly from the user's browser profile to maintain session state with the Pointhound web service.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 22, 2026, 08:11 AM
Security Audit — agent-trust-hub — pp-pointhound