logseq-cli
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes data from Logseq entities and command outputs. Ingestion points: Data returned from logseq list, logseq show, and logseq query commands. Boundary markers: No delimiters are specified to distinguish between tool output and instructions. Capability inventory: The skill can read/write files via graph export/import and manipulate entity content. Sanitization: There is no evidence of sanitization for entity content or CLI output.
- [COMMAND_EXECUTION]: The skill's primary function is to wrap the logseq CLI binary. This allows for filesystem modifications such as graph creation and data export, as well as the management of local background servers.
Audit Metadata