lexi
Pass
Audited by Gen Agent Trust Hub on May 22, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local bash scripts provided by the plugin to perform lexicon scanning and extraction tasks. Evidence: found in SKILL.md using commands like
bash "${CLAUDE_PLUGIN_ROOT}/scripts/honne" scan. - [PROMPT_INJECTION]: Indirect prompt injection surface identified where the skill processes and displays text extracted from repository files by the local tool.
- Ingestion points: Reads
candidate_claimandquotesfrom.honne/cache/scan.jsonand.honne/cache/.axis_lexicon.json. - Boundary markers: Absent. The instructions do not define delimiters for content extracted from untrusted files.
- Capability inventory: The skill can execute shell commands via bash for recording results.
- Sanitization: Absent. The instructions do not specify validation or sanitization of the extracted text before use in subsequent shell commands.
Audit Metadata