lev-index
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the vendor-provided @lev/index library and interacts with a local gRPC server on port 50052. Tools like index:build and index:add perform file system operations to read directories and files for the purpose of creating vector indexes.
- [PROMPT_INJECTION]: The skill implements a 'Prompt Architect Overlay' which contains role-definition instructions for the agent. While intended for functional alignment, these instructions use assertive language to guide agent behavior during the execution of the skill.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) due to its core functionality of indexing and searching external data.
  - Ingestion points: Data enters the system from user-specified directories and files via the index:build and index:add tools.
  - Boundary markers: The documentation does not specify the use of delimiters or 'ignore embedded instructions' warnings for content retrieved during semantic searches.
  - Capability inventory: The index:search tool retrieves potentially untrusted content from the index and presents it to the agent, creating a vector for hidden instructions to influence agent behavior.
  - Sanitization: There is no evidence of sanitization, filtering, or validation of the ingested text or file content before it is processed or displayed.
Audit Metadata