pp-lawhub

Pass

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs the lawhub-pp-cli binary from the developer's GitHub repository using the Go toolchain.
  • [COMMAND_EXECUTION]: The skill uses a custom CLI tool to manage LawHub session data, synchronize test history, and generate weakness reports.
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection through the processing of LawHub metadata and user-authored notes.
  • Ingestion points: LawHub test history and score metadata retrieved via sync commands (SKILL.md).
  • Boundary markers: No delimiters or explicit instructions to ignore embedded content are provided.
  • Capability inventory: Shell command execution via lawhub-pp-cli (SKILL.md).
  • Sanitization: No sanitization or validation of the ingested external content is mentioned.
Audit Metadata
Risk Level
SAFE
Analyzed
May 17, 2026, 11:27 PM
Security Audit — agent-trust-hub — pp-lawhub