wiki-qa
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its core functionality of reading codebase files.
  - Ingestion points: The agent accesses and reads source files from the repository to gather evidence (SKILL.md).
  - Boundary markers: The instructions lack explicit directives to the agent to treat file content as untrusted data or to disregard any instructions that might be embedded within those source files.
  - Capability inventory: The skill is limited to reading files and synthesizing text responses; no command execution or network access capabilities were identified in the skill definition (SKILL.md, wiki-qa).
  - Sanitization: No sanitization, validation, or filtering of the retrieved codebase content is performed before processing.
Audit Metadata