llm-wiki
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFE
Finding categories: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection during the ingestion and processing of external web content.
- Ingestion points: The `scripts/ingest-url.sh` script fetches content from user-provided URLs and stores it in the `raw/sources/` directory.
- Boundary markers: No explicit delimiters or instructions are provided to the agent to separate untrusted source data from instructions during the synthesis phase.
- Capability inventory: The skill has access to powerful tools like `Bash` and file manipulation commands, which could be exploited if malicious instructions in raw sources are executed.
- Sanitization: Content is ingested and stored in its raw form without validation or filtering.
- [COMMAND_EXECUTION]: The skill executes local bash and python scripts for vault bootstrapping, linting, and metadata updates. This includes Python code passed to the interpreter over stdin to perform specific file modifications, so any raw source that can influence what gets written into those scripts inherits the same execution capability.
- [EXTERNAL_DOWNLOADS]: The skill fetches data from external URLs to populate the wiki. While these operations are necessary for the skill's purpose, they serve as the entry point for untrusted data.
Audit Metadata