wiki-commit
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes standard shell commands for repository management, including
git remote,git fetch,git pull,git status, andgit push. These operations are consistent with the skill's primary function of synchronizing a wiki repository.\n- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by processing untrusted repository data to automate decision-making.\n - Ingestion points: Reads the contents of general documentation files and
wiki-manifest.yaml(SKILL.md) to generate semantic commit messages and resolve merge conflicts.\n - Boundary markers: No explicit delimiters are used to separate repository data from the agent's instructions, nor are there warnings to ignore instructions embedded in the data.\n
- Capability inventory: The skill can execute shell commands (
git) and modify repository files (SKILL.md).\n - Sanitization: The skill lacks explicit sanitization or validation logic for the content of the files it interprets. Note that the workflow includes a mandatory human-in-the-loop confirmation step for commits and pushes, which serves as a significant mitigation against automated exploitation.
Audit Metadata