lazyvim
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (LOW): The skill provides specific bash commands (using
nvim --headless) for the agent to programmatically discover current keybindings. This is a functional requirement for configuration assistance but involves local shell execution. - PROMPT_INJECTION (LOW): The skill possesses an Indirect Prompt Injection surface. 1. Ingestion points: Reads user-controlled configuration files in
/Users/trent/.config/nvim/. 2. Boundary markers: None. 3. Capability inventory: Execution of shell commands vianvim. 4. Sanitization: None. This allows untrusted data in the user's config files to potentially influence agent behavior.
Audit Metadata