pp-setlist-fm

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of external binaries using npx -y @mvanhorn/printing-press-library and go install github.com/mvanhorn/printing-press-library/.... These sources are controlled by the skill's author and involve executing code from external registries during setup.
  • [COMMAND_EXECUTION]: The skill's core functionality relies on executing the setlist-fm-pp-cli binary through shell commands via the Bash tool to perform data analysis and search operations.
  • [DATA_EXFILTRATION]: The CLI tool includes a --deliver webhook:<url> parameter that enables the transmission of command results to arbitrary external webhooks, which could be used to send retrieved data to third-party servers.
  • [DATA_EXFILTRATION]: The skill includes a feedback command designed to POST information to a remote server if the SETLIST_FM_FEEDBACK_ENDPOINT environment variable is defined.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 16, 2026, 04:59 AM
Security Audit — agent-trust-hub — pp-setlist-fm