llm-wiki
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection when ingesting external knowledge sources.
- Ingestion points: Untrusted data is read from user-provided files in the 'raw/' directory or content fetched from external URLs during the 'add' operation.
- Boundary markers: While the skill utilizes YAML frontmatter and Markdown structure, it lacks specific instructions or delimiters to prevent the agent from following malicious commands hidden within the source materials.
- Capability inventory: The agent is authorized to execute file system management commands (mkdir, find, grep, sed, ls, cat), perform network requests for content fetching, and write markdown files to the local environment.
- Sanitization: The skill does not define any validation or sanitization routines for content extracted from raw documents before it is summarized and cross-referenced in the wiki.
- [COMMAND_EXECUTION]: The skill utilizes shell commands such as 'find', 'grep', 'sed', 'mkdir', and 'ls' to manage and audit the local wiki's directory structure and files, as specified in the 'add.md', 'init.md', and 'lint.md' workflows.
- [EXTERNAL_DOWNLOADS]: The 'add.md' sub-operation facilitates the retrieval of content from external URLs to be saved and processed into the knowledge base.
Audit Metadata