Skills
skills/lynx-community/skills/lynx-trace-analysis/Gen Agent Trust Hub

lynx-trace-analysis

Warn

Audited by Gen Agent Trust Hub on May 30, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the node runtime to execute a local script located at scripts/trace_query.bundle.cjs. This file is referenced throughout the SKILL.md instructions but is not included in the provided 9 files, making it an unverifiable executable dependency.
  • [EXTERNAL_DOWNLOADS]: The trace query tools (such as id, metadata, and sql) support a --path option that can target remote URLs (e.g., https://example.com/trace.pftrace), allowing the skill to fetch and process data from arbitrary external servers.
  • [COMMAND_EXECUTION]: The sql tool allows the execution of raw SQL queries against trace data. While standard for performance analysis, this provides a powerful mechanism for data extraction and manipulation within the agent's environment.
  • [PROMPT_INJECTION]: The skill ingests untrusted trace data from external URLs and processes it using tools with significant capabilities, which constitutes an indirect prompt injection surface.
  • Ingestion points: Trace files and metadata loaded from external URLs or local paths via the --path argument (SKILL.md).
  • Boundary markers: The skill does not implement boundary markers or instructions to disregard embedded commands in the trace data.
  • Capability inventory: Execution of shell commands via node, raw SQL query execution, and the ability to write files to disk using the readData tool with the -o output flag (SKILL.md).
  • Sanitization: There is no evidence of content validation or sanitization for the data contained within the trace files prior to analysis.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 30, 2026, 03:02 PM
Security Audit — agent-trust-hub — lynx-trace-analysis