agent-wiki
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands to manage git repositories and documentation workspaces. Evidence in `workflow/connect-mode.md` shows usage of `git submodule` commands to integrate external repositories. `workflow/create-mode.md` involves `git init`, `git add`, and `git commit` to initialize documentation workspaces.
- [EXTERNAL_DOWNLOADS]: The skill performs automated package installation from the well-known NPM registry during workspace setup. Evidence in `workflow/create-mode.md` shows `npm install --silent` is called within the `scripts/` directory to fetch the `pdf-parse` dependency.
- [CREDENTIALS_UNSAFE]: The skill accesses its own local configuration files containing authentication data for git operations. Evidence in `evals/evals.json` and `workflow/update-mode.md` indicates it reads `~/.config/agent-wiki/credentials` to synchronize documentation with remote servers.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection by processing untrusted external data to generate documentation.
  1. Ingestion points: Processes `.pdf`, `.txt`, and `.md` files as specified in `workflow/create-mode.md`.
  2. Boundary markers: The workflows do not define specific delimiters or instructions to ignore embedded prompts in processed files.
  3. Capability inventory: Includes file system write operations, git repository manipulation, and execution of local Node.js scripts.
  4. Sanitization: No explicit content validation or sanitization is described before the extracted text is used for document generation.
Audit Metadata