lisa-learn
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes arbitrary scripts defined in the target project's package.json (typecheck, lint, test) during the optional verification step (Step 6). If the target project is malicious, these scripts could execute unwanted code on the host machine.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted data from an external project directory.
  * Ingestion points: .lisa-manifest (Step 2), git diff output (Step 3), and file content from git show (Step 8).
  * Boundary markers: No delimiters or protective instructions are used when passing project-sourced data to the analysis phase.
  * Capability inventory: Subprocess execution via git and package managers, and file writing to the local Lisa repository (Step 8).
  * Sanitization: None identified; the skill directly incorporates content from the target project into its analysis and potentially writes it back to the template repository.
Audit Metadata