pp-producthunt

Warn

Audited by Snyk on May 23, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches public Product Hunt content (e.g., the public Atom feed via producthunt-pp-cli feed and GraphQL-backed commands like posts get, posts comments, posts since, context, and posts grep), consumes user-generated launches and comments, and exposes them to agent workflows via the documented --agent/JSON outputs—so untrusted third-party content is read and interpreted as part of the agent's decision-making flow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill requires installing and running a remote CLI (e.g., go install github.com/mvanhorn/printing-press-library/library/marketing/producthunt/cmd/producthunt-pp-cli@latest and the npx installer @mvanhorn/printing-press), which fetches and executes remote code at runtime and is a required dependency.

Issues (2)

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level
MEDIUM
Analyzed
May 23, 2026, 04:20 AM
Issues
2
Security Audit — snyk — pp-producthunt