lsp-navigator

Pass

Audited by Gen Agent Trust Hub on Mar 22, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the analysis of workspace data.
      • Ingestion points: Source code content is ingested via LSP operations such as hover, documentSymbol, and findReferences using the filePath parameter.
      • Boundary markers: There are no explicit delimiters or instructions provided to the agent to disregard malicious instructions embedded in the code it analyzes.
      • Capability inventory: The skill utilizes the Bash and Read tools, and provides instructions for executing local diagnostic scripts and validating CommonJS modules using node -e.
      • Sanitization: pre-execute.cjs validates that filePath is an absolute path and that line/character coordinates are positive integers, but it does not sanitize the content returned by the LSP tool.
  • [COMMAND_EXECUTION]: The skill explicitly guides agents to use the Bash tool for running diagnostic tools like lsp-diagnostics-runner.cjs and for verifying module resolution via require() calls in a Node.js process. This is a functional requirement for its 'QA' and 'Architect' workflows.
  • [SAFE]: The skill uses local hooks (pre-execute.cjs and post-execute.cjs) for input validation and observability. The file system writes in post-execute.cjs are limited to appending events to a runtime log file.
  • [SAFE]: External references in the documentation and research requirements target official Microsoft and Claude Code documentation, which are trusted sources.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 22, 2026, 04:50 PM