lfy-pipeline
Warn
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute the `lfy-cli` utility by interpolating user-supplied strings like `<keywords>` and `<gtm_id>` directly into a shell command's JSON argument. This creates a risk of command injection if the agent fails to properly sanitize inputs that could break out of the single-quoted string context or the JSON structure.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing data retrieved from external CLI tool outputs without proper sanitization.
  - Ingestion points: Data is ingested from the stdout of `lfy-cli pipeline search` and `lfy-cli pipeline get_sales_stage` (as documented in `references/search.md` and `references/get_sales_stage.md`).
  - Boundary markers: The skill does not define clear delimiters or provide instructions to the agent to treat the external tool output as untrusted or separate from the primary instructions.
  - Capability inventory: The skill possesses the capability to execute shell commands via the `lfy-cli` binary.
  - Sanitization: There is no evidence of data validation, escaping, or sanitization of the content returned by the external business systems before it is presented to or processed by the agent.
Audit Metadata