skills/kunchenguid/lavish-axi/lavish/Gen Agent Trust Hub

lavish

Warn

Audited by Gen Agent Trust Hub on Jul 1, 2026

Risk Level: MEDIUM

EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses 'npx -y lavish-axi' to fetch and execute the 'lavish-axi' package from the NPM registry at runtime. The '-y' flag bypasses user confirmation for the installation of the package.
  • [REMOTE_CODE_EXECUTION]: By invoking 'npx' with an unverified third-party package, the skill executes remote code in the local environment. This tool is used for artifact serving, playbook retrieval, and processing user feedback.
  • [COMMAND_EXECUTION]: The skill triggers multiple shell commands to create project directories ('.lavish/'), generate HTML files, and manage background processes for a local Express.js server and a feedback polling loop.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the 'npx -y lavish-axi poll' mechanism.
      • Ingestion points: The agent reads user annotations, feedback, and 'queued prompts' from an external browser session via the poll command in SKILL.md.
      • Boundary markers: There are no delimiters or instructions provided to the agent to treat the ingested feedback as untrusted content or to ignore embedded instructions.
      • Capability inventory: The agent has permissions to execute shell commands (npx), write files to the local disk, and manage network processes.
      • Sanitization: The skill does not describe any validation or sanitization of the data retrieved from the polling command before it is integrated into the agent's context.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Jul 1, 2026, 04:38 PM