wiki

Pass

Audited by Gen Agent Trust Hub on Apr 21, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because its core function is processing untrusted repository data. Ingestion points: the skill reads various repository files during the 'Survey the repository' phase, including README files, CI/CD configurations, and source code. Boundary markers: the instructions define no delimiters or other markers that isolate untrusted codebase content from the agent's instructions. Capability inventory: the agent can execute shell commands (ls, grep, git log) and perform network uploads via the 'droid wiki-upload' tool. Sanitization: there are no instructions for sanitizing or escaping content read from the repository before it is processed or written to the final wiki files.
  • [DATA_EXFILTRATION]: The skill systematically accesses structural and configuration files such as .github/workflows, package.json, and internal API routes to build its mental model. The gathered information is then transmitted to the Factory application via the 'droid wiki-upload' CLI. This behavior is transparently described as the skill's primary purpose and utilizes the author's own infrastructure.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 21, 2026, 08:32 AM