gitea-wiki
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill ingests and processes untrusted content from Gitea wikis, which could contain malicious instructions for the agent.
  - Ingestion points: mcp__gitea__get_wiki_page in SKILL.md.
  - Boundary markers: Absent; the instructions do not specify any delimiters (e.g., XML tags) to wrap the decoded content.
  - Capability inventory: The agent can execute shell commands (base64, tr, wiki-helper.sh) and modify the Gitea repository (create, update, delete).
  - Sanitization: Absent; content and response fields are not validated or escaped before being processed by the shell or the agent.
- [Command Execution] (LOW): The workflow guides the agent to construct shell commands using data from external API responses. If the response fields contain shell metacharacters, it could lead to command injection when the agent executes the provided bash snippets.
Audit Metadata