wiki
Pass
Audited by Gen Agent Trust Hub on Apr 19, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to use a custom `wiki` CLI and `bun` for various maintenance tasks. Specifically, it suggests running `bun run sync:local` to synchronize edited skills, which involves shell-level script execution.
- [EXTERNAL_DOWNLOADS]: The `wiki source ingest <path-or-url>` command allows the agent to download content from arbitrary remote locations. This is a primary feature for research filing but necessitates the handling of potentially malicious external data.
- [DATA_EXFILTRATION]: Because the ingestion command accepts both local file paths and remote URLs, there is a risk that an agent could be induced to read sensitive local files and transmit their contents or include them in research logs that are later exported.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it is designed to ingest and process data from external, untrusted sources.
- Ingestion points: Untrusted data enters the context via `wiki research ingest`, `wiki source ingest <path-or-url>`, and by reading git history or filesystem globs.
- Boundary markers: The instructions do not specify the use of delimiters or 'ignore' instructions when the agent processes the ingested content.
- Capability inventory: The agent has the capability to write to the filesystem, perform network operations, and execute CLI commands based on its analysis.
- Sanitization: There is no evidence of content sanitization or validation before the data is processed or used to influence agent decisions.
Audit Metadata