effective-liteparse

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the @llamaindex/liteparse package from npm. As LlamaIndex (run-llama) is the author of the skill, this is a standard vendor-provided utility.
  • [EXTERNAL_DOWNLOADS]: The search.py script specifies dependencies on bm25s and aiofiles via a uv script header. These are well-known, legitimate libraries for text retrieval and asynchronous file handling.
  • [COMMAND_EXECUTION]: The skill uses various shell commands including grep, sed, head, and wc to search and manage extracted text. It also executes the lit CLI and the local search.py helper script for document analysis.
  • [DATA_EXPOSURE]: The instructions involve reading local files and writing temporary text extracts to the /tmp directory. This is expected behavior for a document parsing workflow and does not involve unauthorized data access.
  • [PROMPT_INJECTION]: While the skill processes external documents which inherently pose a risk of indirect prompt injection, it promotes safety by recommending targeted search patterns and output bounding (e.g., using head) rather than dumping entire files into the agent's context.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 17, 2026, 10:10 AM
Security Audit — agent-trust-hub — effective-liteparse