reading-logseq-data
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
Flagged categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION, REMOTE_CODE_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It retrieves data from a user's Logseq graph, which could contain malicious instructions. Ingestion points: the get_page and search methods in scripts/logseq-client.py read data from the graph. Boundary markers: no delimiters are used to separate graph content from agent instructions. Capability inventory: the skill uses subprocess.run, and the agent has access to the Bash and Read tools. Sanitization: retrieved content is not sanitized.
- [COMMAND_EXECUTION]: The scripts/logseq-client.py script executes CLI commands using subprocess.run to interact with the Logseq tool.
- [DATA_EXFILTRATION]: The skill manages sensitive API tokens for Logseq authentication, which could be compromised if the API endpoint is redirected.
- [REMOTE_CODE_EXECUTION]: The search method in scripts/logseq-client.py constructs Datalog queries using unsafe string interpolation, which is vulnerable to query injection.
Audit Metadata