Skills
skills/dev-goraebap/dot-wiki/wiki-plan/Gen Agent Trust Hub

wiki-plan

Pass

Audited by Gen Agent Trust Hub on Apr 1, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes npx dot-wiki and npx skills commands to perform version checks, manage tool updates, and update the project's 'wiki focus' manifest.- [EXTERNAL_DOWNLOADS]: The skill contains logic in the preamble to check for and install updates for the dev-goraebap/dot-wiki package from the npm registry via npx.- [PROMPT_INJECTION]: The skill processes user-provided feature descriptions to generate structured PRD files, creating a surface for indirect prompt injection.
  • Ingestion points: User-provided feature descriptions and existing PRD files in the .wiki/common/ directory.
  • Boundary markers: The skill does not use specific delimiters or markers to isolate user-provided content within the generated PRD template.
  • Capability inventory: Shell command execution via npx dot-wiki and npx skills is available to the agent.
  • Sanitization: No explicit validation or escaping of user input is performed before the content is written to the file system.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 1, 2026, 12:26 AM