pp-lawhub

Warn

Audited by Snyk on May 17, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The skill's required workflow explicitly instructs the agent to import an authenticated browser session and run commands like "lawhub-pp-cli sync browser", "sync history", and "sync report-metadata" to ingest user test/attempt data from the third‑party site https://app.lawhub.org, meaning untrusted/user-generated content from that external site is read and used to drive summaries, weakness reports, and subsequent actions.

Issues (1)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
MEDIUM
Analyzed
May 17, 2026, 11:27 PM
Issues
1
Security Audit — snyk — pp-lawhub