lucid-agent-creator
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill enables the creation and execution of custom JavaScript handler code through the
create_lucid_agenttool. This code is executed in a VM sandbox on the Lucid platform. - [DATA_EXFILTRATION]: JS handlers can be granted network access via the
fetchAPI. If theallowedHostsconfiguration is set to["*"]or contains malicious domains, it can be used to exfiltrate data processed by the agent. - [EXTERNAL_DOWNLOADS]: The documentation references the
@lucid-agents/paymentsNode.js package for use in custom SDK implementations. - [PROMPT_INJECTION]: The skill introduces a surface for indirect prompt injection (Category 8).
- Ingestion points: Untrusted external data enters the handler context via the
inputglobal variable. - Boundary markers: The skill does not describe or implement boundary markers or instructions for the agent to ignore malicious commands embedded in the
inputdata. - Capability inventory: Handlers can perform network requests (
fetch) and process arbitrary logic, which could be exploited if malicious input is successfully injected. - Sanitization: There is no mention of sanitization, filtering, or validation for the content of the
inputvariable in the handler logic.
Audit Metadata