lx-entry
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on the `lx` CLI to perform administrative tasks on knowledge entries and files. It also utilizes `curl` as a necessary step in the file upload workflow to transmit data to a pre-signed URL.
- [EXTERNAL_DOWNLOADS]: The skill provides tools to retrieve download links for files stored in the knowledge base via the `lx file download-file` command.
- [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection because it reads and parses external content from the knowledge base (e.g., through `lx entry describe-ai-parse-content`) to provide information to the agent.
  - Ingestion points: The `lx entry describe-ai-parse-content` command retrieves HTML, Markdown, or OCR content from specified entries (documented in SKILL.md and entry-crud.md).
  - Boundary markers: The instructions do not specify any delimiters or warnings to ignore instructions found within the retrieved entry content.
  - Capability inventory: The skill possesses significant write and modification capabilities, such as `create-entry`, `move-entry`, `import-content`, `set-entry-tags`, and `save-markdown-draft`.
  - Sanitization: There is no evidence of content sanitization or validation before the retrieved data is processed by the agent.
Audit Metadata