Skills
skills/frankieew/agent-skills/lmfdb-cli/Gen Agent Trust Hub

lmfdb-cli

Warn

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires installing the lmfdb-cli tool from a third-party Homebrew tap (frankieew/tap).
  • [EXTERNAL_DOWNLOADS]: The tool includes a command lmfdb install-browser which downloads an external Chromium browser binary from a remote source to the local system.
  • [COMMAND_EXECUTION]: The skill relies on executing the custom lmfdb binary to perform mathematical lookups via the command line.
  • [COMMAND_EXECUTION]: The CLI tool has the capability to write query results directly to the local filesystem using the -o flag (e.g., saving to .csv or .json files).
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface (Category 8) when processing data fetched from the external LMFDB database.
  • Ingestion points: Output from lmfdb CLI commands containing mathematical data.
  • Boundary markers: None specified to separate database content from agent reasoning.
  • Capability inventory: Shell command execution and local filesystem write access.
  • Sanitization: No validation or escaping of the external data is described.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 12, 2026, 11:49 PM