effective-liteparse

Pass

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes standard shell utilities like grep, sed, head, and wc, along with the lit CLI tool to manage and query document data stored in temporary files.
  • [EXTERNAL_DOWNLOADS]: Instructions guide the user to install @llamaindex/liteparse via NPM and use the uv tool for managing Python dependencies (bm25s, aiofiles). These originate from well-known technology organizations and official registries.
  • [PROMPT_INJECTION]: The skill processes untrusted document data from files (PDF, DOCX, images) which introduces an indirect prompt injection surface.
  • Ingestion points: Document content extracted via lit parse in SKILL.md.
  • Boundary markers: None present to distinguish document content from system instructions.
  • Capability inventory: Shell execution (bash) and Python execution (search.py).
  • Sanitization: No sanitization of parsed document text before it is returned to the agent context.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 22, 2026, 05:41 PM
Security Audit — agent-trust-hub — effective-liteparse