lightpanda

Pass

Audited by Gen Agent Trust Hub on Mar 25, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill is designed to wrap the lightpanda command-line utility. It provides instructions on how the agent should execute this binary to perform tasks like fetch, serve, and mcp. This assumes the binary is already present on the host system's PATH.
  • [INDIRECT_PROMPT_INJECTION]: The skill's primary function is to fetch content from arbitrary external URLs and return that data (in HTML, Markdown, or Semantic Tree formats) to the agent's context. This creates a surface for indirect prompt injection if the fetched content contains malicious instructions designed to influence the agent's behavior.
      • Ingestion points: Untrusted data enters the agent context through the lightpanda fetch command via the URL parameter and the resulting page content (SKILL.md).
      • Boundary markers: The instructions do not specify the use of delimiters or specific system instructions to ignore potential commands within the fetched content.
      • Capability inventory: The skill has the capability to execute the local lightpanda binary and perform network requests to any reachable URL.
      • Sanitization: There is no evidence of sanitization or filtering of the fetched content beyond the built-in formatting options (like --strip_mode).
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 25, 2026, 05:32 AM