lfy-user
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes a vendor-provided command-line utility,
lfy-cli, to fetch information. This is the intended primary function of the skill for retrieving user and sales data. - [PROMPT_INJECTION]: Evaluated for indirect prompt injection risks. The skill processes output from the
lfy-clitool. Since the command arguments are static and do not interpolate untrusted user input directly into the shell command, the surface for command injection or complex indirect injection is effectively mitigated.
Audit Metadata