pp-producthunt
Warn
Audited by Snyk on May 23, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches public Product Hunt content (e.g., the public Atom feed via
producthunt-pp-cli feedand GraphQL-backed commands likeposts get,posts comments,posts since,context, andposts grep), consumes user-generated launches and comments, and exposes them to agent workflows via the documented--agent/JSON outputs—so untrusted third-party content is read and interpreted as part of the agent's decision-making flow.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill requires installing and running a remote CLI (e.g., go install github.com/mvanhorn/printing-press-library/library/marketing/producthunt/cmd/producthunt-pp-cli@latest and the npx installer @mvanhorn/printing-press), which fetches and executes remote code at runtime and is a required dependency.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata