wiki-qa
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands (`git remote get-url origin` and `git rev-parse --abbrev-ref HEAD`) to resolve the repository's identity and branch information during the initialization phase.
- [PROMPT_INJECTION]:
  - Ingestion points: The skill is designed to search and read the contents of files within a code repository to gather evidence for answering user queries.
  - Boundary markers: The instructions do not define clear delimiters or specific instructions for the agent to ignore potentially malicious instructions embedded in source code comments or strings within the files it reads.
  - Capability inventory: The agent has the capability to execute git commands and read arbitrary files from the local file system as defined in `SKILL.md`.
  - Sanitization: There is no mention of sanitizing or validating the contents of the files before the agent processes them, which creates a surface for indirect prompt injection if a file in the repository contains malicious instructions.
Audit Metadata