lsp-setup
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Executes shell commands to identify the host operating system (`uname -s`) and verify the availability of installed binaries (`which`, `where.exe`).
- [EXTERNAL_DOWNLOADS]: Automates the installation of LSP servers through standard package management tools including `npm`, `pip`, `brew`, `go`, `gem`, and `apt`. These installations pull from official registries and well-known project domains such as GitHub, LLVM, and Eclipse.
- [PROMPT_INJECTION]: The skill instructions include a fallback to search the web for unsupported languages if they are not present in the reference file. This introduces a surface for indirect prompt injection where instructions from external search results could influence agent behavior.
  - Ingestion points: External search results retrieved via web search when a language is missing from `references/lsp-servers.md`.
  - Boundary markers: Absent — instructions do not define delimiters for processing external search content.
  - Capability inventory: Shell command execution (installation) and file system writes (configuration updates).
  - Sanitization: Absent — the skill does not specify validation or filtering of content found via web search.
Audit Metadata