lf-discovery
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFE
PROMPT_INJECTION, DATA_EXFILTRATION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection because it ingests untrusted data via WebFetch on user-supplied URLs and through direct text pastes in Phase 1. This content is analyzed in Phase 3 and Phase 7 without boundary markers (delimiters) or instructions to ignore embedded commands, allowing malicious commands embedded in documents to potentially hijack the discovery process.
- [DATA_EXFILTRATION]: The skill reads sensitive local project files including CLAUDE.md and project manifests (package.json, go.mod, etc.) in Phase 4. Since the skill also has network access via WebFetch and WebSearch, there is a risk that project-specific metadata or internal configuration could be exfiltrated if the agent follows malicious instructions from an injected document.
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool for timestamp generation and the Write tool for file and directory creation. While currently used for legitimate organization, the reliance on AI to perform 'slugification' of user-provided arguments creates a potential path traversal risk if the agent fails to sanitize inputs before creating directories in the local file system.
Audit Metadata