lisa-integration-test
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
- Command Execution (MEDIUM): The skill executes various commands including
bun run,npm run, andgitwithin a user-provided project directory. It relies on the target project's internal configuration to define which scripts are run during verification steps. - Evidence: Step 5 and Step 6 execute scripts like
typecheck,lint, andtestfrom the project's environment. - Remote Code Execution (MEDIUM): Because the skill executes scripts defined in a target repository's
package.jsonor equivalent, an attacker who controls the target repository could achieve code execution on the user's machine when this skill is run against it. - Evidence: Step 5 dynamically determines the package manager and executes lifecycle scripts.
- Indirect Prompt Injection (LOW): The skill analyzes error logs and project files to autonomously decide how to modify source code (Step 6). A malicious project could generate specific error messages designed to trick the agent into introducing vulnerabilities during the automated 'fix' phase.
- Ingestion points:
<project-path>/.lisa-manifest, and error output from Step 5. - Boundary markers: None present.
- Capability inventory: File write access (Step 6), Command execution (Steps 3, 5, 6), and Network operations via
git push(Step 7). - Sanitization: No sanitization of error logs or manifest content is performed before analysis.
Audit Metadata