lsp-integration
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS
Full Analysis
- Indirect Prompt Injection (HIGH): The skill processes untrusted source code from the workspace. Ingestion points: Workspace files (e.g., .go, .rs). Boundary markers: None. Capability inventory: Executes arbitrary binaries defined in plugin.json; can enable build scripts in LSP servers. Sanitization: None. A malicious repository could trigger RCE via the server's build system.
- COMMAND_EXECUTION (MEDIUM): The manifest and configs facilitate running system binaries like gopls or clangd. This is a powerful capability that allows the agent to spawn processes based on user-controlled or plugin-defined commands.
- EXTERNAL_DOWNLOADS (LOW): Recommends installing dependencies from trusted sources (NPM, Go, LLVM). Per [TRUST-SCOPE-RULE], these instructions are low risk.
Recommendations
- AI detected serious security threats