pp-revenuecat
Pass
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads binaries and source code from the author's GitHub repository (github.com/mvanhorn/printing-press-library) and the @mvanhorn/printing-press-library NPM package during setup.
- [REMOTE_CODE_EXECUTION]: Installation instructions utilize
npxandgo installto download and install executable binaries from remote repositories at runtime. - [COMMAND_EXECUTION]: The skill is designed to drive the
revenuecat-pp-clibinary using theBashtool to perform actions such as retrieving revenue snapshots, analyzing churn, and managing subscriptions. - [DATA_EXFILTRATION]: The CLI tool supports a
--deliver webhook:<url>flag, allowing it to POST its output (which may contain sensitive revenue and user data) to an arbitrary external URL. This is a documented feature of the tool itself.
Audit Metadata