pp-lawhub
Warn
Audited by Snyk on May 17, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). The skill's required workflow explicitly instructs the agent to import an authenticated browser session and run commands like "lawhub-pp-cli sync browser", "sync history", and "sync report-metadata" to ingest user test/attempt data from the third‑party site https://app.lawhub.org, meaning untrusted/user-generated content from that external site is read and used to drive summaries, weakness reports, and subsequent actions.
Issues (1)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata