lx-sh
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes Unix-like shell commands via the lx CLI binary, primarily utilizing the lx sh --exec command for non-interactive execution.
- [EXTERNAL_DOWNLOADS]: The skill requires the lx CLI binary to be pre-installed on the system, which is a vendor-provided tool necessary for the skill's operation.
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks as it reads and displays content from the knowledge base (/kb). * Ingestion points: The agent uses tools like cat, grep, tree, and awk to ingest potentially untrusted data from the knowledge base into its context. * Boundary markers: There are no specific instructions or delimiters defined to help the agent distinguish between its system instructions and the content retrieved from the files. * Capability inventory: The shell environment supports full pipeline processing, output redirection, and the ability to call other MCP tools using the mcp command. * Sanitization: The documentation does not specify any sanitization or validation steps for content retrieved from the /kb directory before processing by the agent.
Audit Metadata