wiki-llms-txt
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions direct the agent to run
git remote get-url originandgit rev-parse --abbrev-ref HEAD. These commands are used to resolve the source repository URL and current branch name to ensure documentation links are accurate and functional. - [PROMPT_INJECTION]: The skill facilitates an indirect prompt injection surface by design, as its primary function is to aggregate external content. It reads existing markdown files from the
wiki/directory and inlines their full content intollms-full.txt. If these source files contain malicious instructions, they will be processed by any model reading the generated file. - Ingestion points: Wiki markdown files (
wiki/*.md). - Boundary markers: The skill uses XML-like
<doc title='...' path='...'>tags to separate content from different files. - Capability inventory: Performs filesystem writes to create
./llms.txt,wiki/llms.txt, andwiki/llms-full.txt. - Sanitization: The skill explicitly instructs to strip YAML frontmatter but does not specify filtering or sanitization of instructions within the documentation body.
Audit Metadata