llm-wiki-en
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection when processing untrusted data.
  - Ingestion points: The ingest operation reads user-provided files from ~/llm-wiki/raw/ and fetches content from external URLs provided in the conversation (SKILL.md).
  - Boundary markers: The instructions do not specify the use of delimiters or 'ignore embedded instructions' warnings when the agent reads and summarizes these external materials.
  - Capability inventory: The agent has the ability to write files to the local file system (mkdir, creating .md files) and read existing files for query and maintenance operations.
  - Sanitization: There is no explicit requirement to sanitize or validate external content before it is synthesized into the persistent wiki structure.
Audit Metadata