
personal-wiki

Pass

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection because it ingests and summarizes untrusted data from user-provided URLs and raw files.
  • Ingestion points: Content fetched from user-supplied URLs and files located in the ~/Personal_wiki/raw/ directory.
  • Boundary markers: Absent. There are no explicit instructions or delimiters defined to separate user data from system instructions during processing.
  • Capability inventory: The skill can create directories and files within the user's home directory and perform network requests to fetch external content.
  • Sanitization: Absent. The skill does not describe any validation or sanitization of external text before it is integrated into the wiki.
  • [REMOTE_CODE_EXECUTION]: The skill provides a Python code template for OCR tasks that uses pytesseract and pdf2image. This involves the runtime execution of script content to process local files.
  • [COMMAND_EXECUTION]: The skill uses standard shell utilities, including mkdir, ls, grep, and tail, to initialize and manage the wiki's file structure and logging system within the ~/Personal_wiki/ directory.
  • [EXTERNAL_DOWNLOADS]: The skill references a PDF processing tool located in a public repository belonging to a well-known organization to handle document ingestion.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 10, 2026, 05:20 AM