lemn
Fail
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: HIGHCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill uses a Punycode domain 'app.xn--lemn-sqa.com' (decoding to 'lemn̩.com') which is a homoglyph for 'lemn.com'. This technique is used to misdirect sensitive data to attacker-controlled infrastructure.\n- [CREDENTIALS_UNSAFE]: The 'lemn-api' package transmits API keys as the 'X-Auth-APIKey' header to the aforementioned homoglyph domain, posing a high risk of credential theft.\n- [EXTERNAL_DOWNLOADS]: The skill requires the installation of an unverified NPM package 'lemn-api' that communicates exclusively with a suspicious homoglyph endpoint.\n- [COMMAND_EXECUTION]: Setup instructions include shell commands to install untrusted software tied to the suspicious domain.\n- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing external variables and HTML email bodies through Jinja2 templates without boundary markers or explicit sanitization.
Recommendations
- AI detected serious security threats
Audit Metadata