lisa-integration-test
Warn
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes arbitrary scripts from the target project (e.g.,
bun run typecheck,npm run lint,bun run test). These commands are defined in the project'spackage.jsonand represent a risk if the target project contains malicious configurations. - [DATA_EXFILTRATION]: The skill is designed to perform
git pushoperations to remote repositories. While part of the intended workflow, this allows the agent to send local data to external servers automatically. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. It reads project files (like
.lisa-manifest) and processes error outputs from compilers and test runners to "diagnose" and "fix" code. A malicious project could use crafted error messages or file contents to influence the agent into performing unintended file modifications or command executions. - [COMMAND_EXECUTION]: The skill automatically modifies local files and stages them for commit (
git add,git commit) based on its own analysis of build failures, which involves processing untrusted data from the project environment.
Audit Metadata