pp-pushover
Warn
Audited by Snyk on May 23, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly includes commands that download Open Client messages (e.g., "inbox sync — Download Open Client messages into local SQLite" and "messages download") — these are user-generated, third-party messages the agent is expected to read/parse (Agent Mode/JSON output), so their content could materially influence subsequent tool use or decisions.
Issues (1)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata