effective-liteparse
Pass
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the lit CLI tool to parse local document files (PDF, DOCX, etc.) into text format for further processing.\n- [COMMAND_EXECUTION]: Standard shell utilities such as grep, sed, head, and wc are used to search and inspect the contents of extracted text files stored in temporary directories.\n- [COMMAND_EXECUTION]: A custom Python script (scripts/search.py) is executed using the uv tool to perform ranked, keyword-based searches on local text files.\n- [EXTERNAL_DOWNLOADS]: The documentation suggests installing the @llamaindex/liteparse package via npm to provide the necessary parsing capabilities. This is a vendor-owned package from LlamaIndex.\n- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection through document parsing.\n
- Ingestion points: External document files are processed using the lit parse command in SKILL.md.\n
- Boundary markers: The skill instructs the agent to search for specific context, which reduces the data volume, but it does not provide explicit delimiters for the extracted text.\n
- Capability inventory: The skill utilizes shell command execution and Python scripting to process files.\n
- Sanitization: Extracted text from documents is processed and surfaced without sanitization or filtering.
Audit Metadata