skills/jazz1x/honne/lexi/Gen Agent Trust Hub

lexi

Pass

Audited by Gen Agent Trust Hub on May 22, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local bash scripts provided by the plugin to perform lexicon scanning and extraction tasks. Evidence: found in SKILL.md using commands like bash "${CLAUDE_PLUGIN_ROOT}/scripts/honne" scan.
  • [PROMPT_INJECTION]: Indirect prompt injection surface identified where the skill processes and displays text extracted from repository files by the local tool.
  • Ingestion points: Reads candidate_claim and quotes from .honne/cache/scan.json and .honne/cache/.axis_lexicon.json.
  • Boundary markers: Absent. The instructions do not define delimiters for content extracted from untrusted files.
  • Capability inventory: The skill can execute shell commands via bash for recording results.
  • Sanitization: Absent. The instructions do not specify validation or sanitization of the extracted text before use in subsequent shell commands.
Audit Metadata
Risk Level
SAFE
Analyzed
May 22, 2026, 03:48 AM
Security Audit — agent-trust-hub — lexi