cli
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The documentation provides official guidance for developing and using the LobeHub CLI. The files are purely instructional and contain no executable code or malicious instructions.\n- [CREDENTIALS_UNSAFE]: The guide documents that encrypted tokens are stored in
~/.lobehub/credentials.json. This information is provided for architectural awareness and follows standard CLI configuration patterns.\n- [EXTERNAL_DOWNLOADS]: Thelh skill installcommand is detailed as a feature for fetching skills from GitHub repositories or remote ZIP URLs to extend platform capabilities.\n- [COMMAND_EXECUTION]: The CLI architecture includes@lobechat/local-file-shellfor shell command execution and file operations, which are documented features used for gateway connectivity.\n- [REMOTE_CODE_EXECUTION]: The skill installation mechanism allows for the ingestion of instructions and capabilities from remote sources, which is presented as a core feature of the agent ecosystem.\n- [PROMPT_INJECTION]: The documentation describes several data ingestion surfaces that present an indirect prompt injection risk:\n - Ingestion points: Content enters the agent context through
lh doc parse(references/knowledge.md) andlh skill install(references/skills-plugins.md).\n - Boundary markers: The architectural guide does not specify the use of delimiters or explicit instructions to ignore embedded commands.\n
- Capability inventory: The CLI tool possesses shell execution (
apps/cli/src/tools/shell.ts) and file system access capabilities.\n - Sanitization: Input validation and sanitization procedures are not covered in the provided development references.
Audit Metadata