pp-lawhub
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the
lawhub-pp-clibinary from the developer's GitHub repository using the Go toolchain. - [COMMAND_EXECUTION]: The skill uses a custom CLI tool to manage LawHub session data, synchronize test history, and generate weakness reports.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection through the processing of LawHub metadata and user-authored notes.
- Ingestion points: LawHub test history and score metadata retrieved via
synccommands (SKILL.md). - Boundary markers: No delimiters or explicit instructions to ignore embedded content are provided.
- Capability inventory: Shell command execution via
lawhub-pp-cli(SKILL.md). - Sanitization: No sanitization or validation of the ingested external content is mentioned.
Audit Metadata