pp-setlist-fm
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of external binaries using
npx -y @mvanhorn/printing-press-libraryandgo install github.com/mvanhorn/printing-press-library/.... These sources are controlled by the skill's author and involve executing code from external registries during setup. - [COMMAND_EXECUTION]: The skill's core functionality relies on executing the
setlist-fm-pp-clibinary through shell commands via theBashtool to perform data analysis and search operations. - [DATA_EXFILTRATION]: The CLI tool includes a
--deliver webhook:<url>parameter that enables the transmission of command results to arbitrary external webhooks, which could be used to send retrieved data to third-party servers. - [DATA_EXFILTRATION]: The skill includes a
feedbackcommand designed to POST information to a remote server if theSETLIST_FM_FEEDBACK_ENDPOINTenvironment variable is defined.
Audit Metadata