pp-revenuecat

Pass

Audited by Gen Agent Trust Hub on Jun 19, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads binaries and source code from the author's GitHub repository (github.com/mvanhorn/printing-press-library) and the @mvanhorn/printing-press-library NPM package during setup.
  • [REMOTE_CODE_EXECUTION]: Installation instructions utilize npx and go install to download and install executable binaries from remote repositories at runtime.
  • [COMMAND_EXECUTION]: The skill is designed to drive the revenuecat-pp-cli binary using the Bash tool to perform actions such as retrieving revenue snapshots, analyzing churn, and managing subscriptions.
  • [DATA_EXFILTRATION]: The CLI tool supports a --deliver webhook:<url> flag, allowing it to POST its output (which may contain sensitive revenue and user data) to an arbitrary external URL. This is a documented feature of the tool itself.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 19, 2026, 06:36 AM
Security Audit — agent-trust-hub — pp-revenuecat