effective-liteparse

Pass

Audited by Gen Agent Trust Hub on Jun 19, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the lit CLI tool to parse local document files (PDF, DOCX, etc.) into text format for further processing.\n- [COMMAND_EXECUTION]: Standard shell utilities such as grep, sed, head, and wc are used to search and inspect the contents of extracted text files stored in temporary directories.\n- [COMMAND_EXECUTION]: A custom Python script (scripts/search.py) is executed using the uv tool to perform ranked, keyword-based searches on local text files.\n- [EXTERNAL_DOWNLOADS]: The documentation suggests installing the @llamaindex/liteparse package via npm to provide the necessary parsing capabilities. This is a vendor-owned package from LlamaIndex.\n- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection through document parsing.\n
  • Ingestion points: External document files are processed using the lit parse command in SKILL.md.\n
  • Boundary markers: The skill instructs the agent to search for specific context, which reduces the data volume, but it does not provide explicit delimiters for the extracted text.\n
  • Capability inventory: The skill utilizes shell command execution and Python scripting to process files.\n
  • Sanitization: Extracted text from documents is processed and surfaced without sanitization or filtering.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 19, 2026, 12:01 AM
Security Audit — agent-trust-hub — effective-liteparse