lcrm-search

Pass

Audited by Gen Agent Trust Hub on Mar 26, 2026

Risk Level: SAFE [DATA_EXFILTRATION] [PROMPT_INJECTION]
Full Analysis
  • [DATA_EXFILTRATION]: The scripts/request.mjs utility includes a --body-file argument that allows the agent to read the contents of local files and send them as payloads to the CRM API. This creates a potential path for data exfiltration if the agent is manipulated into reading sensitive configuration or credential files.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it retrieves data from an external API and presents it to the agent without sanitization.
      • Ingestion points: Data enters the agent's context from the LCRM API (e.g., https://crm.langcore.net) through scripts/search.mjs and scripts/request.mjs.
      • Boundary markers: Absent; the scripts print raw JSON responses directly to the console without delimiters or instructions to ignore embedded commands.
      • Capability inventory: The skill has the ability to perform network operations (HTTP GET/POST/PUT/DELETE) and read local files via the provided scripts.
      • Sanitization: No filtering or escaping is performed on the external data before it is presented to the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 26, 2026, 01:57 AM