Skills
skills/dair-ai/dair-academy-plugins/wiki-builder/Gen Agent Trust Hub

wiki-builder

Pass

Audited by Gen Agent Trust Hub on May 7, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses a local shell script (scripts/init_wiki.sh) to scaffold new wikis. Parameters like slug and title are passed from the agent to the script. The slug is validated with a regex, and while the title is used in sed commands, it does not pose a shell injection risk as it is not evaluated as code.
  • [PROMPT_INJECTION]: The skill is designed to ingest and summarize external data from the raw/ directory, making it a surface for indirect prompt injection.
  • Ingestion points: Files in the raw/ folder and entries in sources.md.
  • Boundary markers: Prompt templates in templates/prompts/ do not use explicit delimiters or instructions to ignore embedded commands.
  • Capability inventory: The skill can execute local scripts and write to the filesystem.
  • Sanitization: No input sanitization is performed on the source material.
Audit Metadata
Risk Level
SAFE
Analyzed
May 7, 2026, 12:50 AM