NYC

lsp-code-analysis

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH

Tags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [Unverifiable Dependencies & Remote Code Execution] (HIGH): The script scripts/update.sh implements a self-update mechanism that downloads a ZIP archive from a non-whitelisted GitHub repository (lsp-client/lsp-skill) and replaces the skill's local files. This allows unverified remote modification of the skill's behavior.
    • Source: https://github.com/lsp-client/lsp-skill/releases/latest/download/lsp-code-analysis.zip
    • Method: Download, extract, and overwrite
    • Status: Unknown source
  • [Unverifiable Dependencies & Remote Code Execution] (MEDIUM): The update script performs a global installation of the lsp-cli tool using uv tool install.
    • Source: lsp-cli (PyPI)
    • Method: uv tool install
    • Status: Unknown source (unverifiable dependency)
  • [Indirect Prompt Injection] (LOW): The skill analyzes external codebases via LSP tools, which creates a surface for indirect prompt injection.
    • Ingestion points: Source code files read by lsp commands
    • Boundary markers: Absent
    • Capability inventory: Shell script execution and file modification via lsp-cli
    • Sanitization: Absent
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 17, 2026, 05:05 PM