agent-wiki
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Tags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands for workspace initialization, git operations (submodule add, init, push), and running utility scripts (node, npm).
- [EXTERNAL_DOWNLOADS]: The `workflow/create-mode.md` workflow executes `npm install` to download the `pdf-parse` library from the public npm registry during the workspace setup process.
- [CREDENTIALS_UNSAFE]: As evidenced in `evals/evals.json`, the skill is designed to read authentication information from `~/.config/agent-wiki/credentials` to facilitate remote repository access.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface (Category 8) due to its core functionality.
  - Ingestion points: Reads unstructured data from external `.pdf`, `.txt`, and `.md` files provided by the user (as seen in `workflow/create-mode.md`).
  - Boundary markers: Absent. There are no instructions provided to the agent to treat file contents as untrusted or to use delimiters to prevent command injection via file text.
  - Capability inventory: The skill can execute shell commands, perform git operations, and modify the file system across multiple workflow steps.
  - Sanitization: Absent. The skill instructions do not specify any filtering or escaping of content extracted from source documents before integrating them into the AI-focused `AGENTS.md` or backlog files.
Audit Metadata