pp-customer-io
Automates Customer.io actions for marketers and ops engineers, enhancing campaign management and data analysis through a CLI interface.
Security score: 64/100
The pp-customer-io skill was audited on Jun 6, 2026 and we found 8 security issues across 3 threat categories. Review the findings below before installing.
Security Issues
medium line 180
Webhook reference - potential data exfiltration
Source: SKILL.md
| 180 | **webhooks** — Manage Reporting Webhooks for delivery + engagement events |
medium line 182
Webhook reference - potential data exfiltration
Source: SKILL.md
| 182 | - `customer-io-pp-cli webhooks get` — Get one Reporting Webhook |
medium line 183
Webhook reference - potential data exfiltration
Source: SKILL.md
| 183 | - `customer-io-pp-cli webhooks list` — List Reporting Webhooks |
medium line 300
Webhook reference - potential data exfiltration
Source: SKILL.md
| 300 | | `webhook:<url>` | POST the output body to the URL (`application/json` or `application/x-ndjson` when `--compact`) | |
medium line 302
Webhook reference - potential data exfiltration
Source: SKILL.md
| 302 | Unknown schemes are refused with a structured error naming the supported set. Webhook failures return non-zero and log the URL + HTTP status on stderr. |
medium line 234
Access to hidden dotfiles in home directory
Source: SKILL.md
| 234 | Drop --dry-run to commit. Every call lands in `~/.customer-io/audit/suppressions-2026-05-07.jsonl` with timestamp, recipient, status, and HTTP code — defensible later. |
medium line 288
Access to hidden dotfiles in home directory
Source: SKILL.md
| 288 | Entries are stored locally at `~/.customer-io-pp-cli/feedback.jsonl`. They are never POSTed unless `CUSTOMER_IO_FEEDBACK_ENDPOINT` is set AND either `--send` is passed or `CUSTOMER_IO_FEEDBACK_AUTO_SE |
low line 246
External URL reference
Source: SKILL.md
| 246 | Customer.io uses Service Account tokens (`sa_live_*` prefix). The CLI exchanges the token for a short-lived JWT via the OAuth client-credentials endpoint at `https://us.fly.customer.io/v1/service_acco |
Scanned on Jun 6, 2026
GitHub Stars: 1.4K
Category: marketing
Updated: June 13, 2026
mvanhorn/printing-press-library