lychee
Pass
Audited by Gen Agent Trust Hub on Jun 27, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill describes the use of the
lycheeCLI tool to check for broken links in codebases and websites. This command execution is the primary function of the skill and is used legitimately. - [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection because it instructs the agent to process data from potentially untrusted sources like external URLs and local files. Ingestion points: Untrusted data enters the agent context when scanning local files (e.g.,
lychee .) or external web pages (e.g.,lychee https://example.com). Boundary markers: No specific boundary markers or instructions to ignore embedded commands are included in the skill documentation. Capability inventory: The skill executes thelycheecommand, which extracts links and status messages that are then returned to and processed by the agent. Sanitization: There is no evidence of sanitization or content filtering performed on the data ingested from files or URLs before the agent receives the tool output.
Audit Metadata