effective-liteparse
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes standard shell utilities like
grep,sed,head, andwc, along with thelitCLI tool to manage and query document data stored in temporary files. - [EXTERNAL_DOWNLOADS]: Instructions guide the user to install
@llamaindex/liteparsevia NPM and use theuvtool for managing Python dependencies (bm25s,aiofiles). These originate from well-known technology organizations and official registries. - [PROMPT_INJECTION]: The skill processes untrusted document data from files (PDF, DOCX, images) which introduces an indirect prompt injection surface.
- Ingestion points: Document content extracted via
lit parseinSKILL.md. - Boundary markers: None present to distinguish document content from system instructions.
- Capability inventory: Shell execution (bash) and Python execution (
search.py). - Sanitization: No sanitization of parsed document text before it is returned to the agent context.
Audit Metadata