wiki-llms-txt
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill runs git remote and git rev-parse to determine the repository context. These are standard developer operations used for metadata resolution.
- [PROMPT_INJECTION] (LOW): As per Category 8 (Indirect Prompt Injection), the skill ingests data from local wiki files and interpolates them into a combined document (llms-full.txt). Ingestion points: local markdown files in the wiki directory. Boundary markers: uses doc tags with title and path attributes. Capability inventory: file reading and git command execution. Sanitization: strips YAML frontmatter but lacks explicit instructions to ignore nested LLM instructions within the inlined content. This creates a surface where malicious instructions in a wiki page could influence an agent reading the aggregated file.
Audit Metadata