lx-url-route

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill requires and executes the lx CLI binary to perform operations based on user-provided URLs, such as fetching page details or listing team spaces.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting and parsing untrusted data (user-provided URLs) to extract parameters for CLI commands.
      • Ingestion points: The skill parses external URLs from mp.weixin.qq.com and lexiang.tencent.com to extract entry_id, space_id, and team_id in SKILL.md.
      • Boundary markers: Absent; the instructions do not include specific delimiters or warnings to the agent to disregard potential instructions embedded within the URLs.
      • Capability inventory: The skill uses the lx binary to execute commands like describe-ai-parse-content, describe-space, list-spaces, and create-hyperlink.
      • Sanitization: There is no evidence of parameter validation or sanitization before the extracted values are interpolated into the lx CLI commands.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 20, 2026, 09:42 PM