effective-liteparse
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
@llamaindex/liteparsepackage from npm. As LlamaIndex (run-llama) is the author of the skill, this is a standard vendor-provided utility. - [EXTERNAL_DOWNLOADS]: The
search.pyscript specifies dependencies onbm25sandaiofilesvia auvscript header. These are well-known, legitimate libraries for text retrieval and asynchronous file handling. - [COMMAND_EXECUTION]: The skill uses various shell commands including
grep,sed,head, andwcto search and manage extracted text. It also executes thelitCLI and the localsearch.pyhelper script for document analysis. - [DATA_EXPOSURE]: The instructions involve reading local files and writing temporary text extracts to the
/tmpdirectory. This is expected behavior for a document parsing workflow and does not involve unauthorized data access. - [PROMPT_INJECTION]: While the skill processes external documents which inherently pose a risk of indirect prompt injection, it promotes safety by recommending targeted search patterns and output bounding (e.g., using
head) rather than dumping entire files into the agent's context.
Audit Metadata