wiki-researcher
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (LOW): The skill executes local
gitcommands to resolve repository context. Specifically, it runsgit remote get-url originandgit rev-parse --abbrev-ref HEAD. While these are shell executions, they are restricted to safe, read-only information gathering within the local environment. - PROMPT_INJECTION (LOW): The skill exhibits an attack surface for Indirect Prompt Injection (Category 8) because its core purpose is to read and trace implementation details within a codebase.
- Ingestion points: The agent reads arbitrary code files from a local or remote repository to perform deep research.
- Boundary markers: Absent. There are no instructions to the agent to ignore or sanitize instructions found within the code comments or strings of the analyzed files.
- Capability inventory: The skill has the capability to execute shell commands (
git) and access the local filesystem for reading. - Sanitization: None. The skill does not implement any validation or filtering of the content it ingests from the source code.
Audit Metadata