trent-lazyvim
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides specific shell commands using
nvim --headlessand Lua scripts to programmatically extract keybindings and Neovim state. These commands allow for arbitrary code execution within the Neovim environment to facilitate the skill's management tasks.- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it explicitly instructs the agent to read and process local Neovim configuration files (e.g.,init.lua,plugins/*.lua). These files could contain malicious instructions embedded in comments or strings intended to hijack the agent's behavior. - Ingestion points: The agent is directed to read files located in
/Users/trent/.config/nvim/. - Boundary markers: There are no specific delimiters or instructions provided to help the agent differentiate between legitimate configuration data and malicious embedded prompts.
- Capability inventory: The skill enables shell command execution via Neovim and grants the agent the ability to read and potentially modify local configuration files.
- Sanitization: No sanitization, validation, or filtering of the configuration file content is implemented before the agent processes it.
Audit Metadata