wiki-llms-txt
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill executes
git remote get-url originandgit rev-parse --abbrev-ref HEADto determine the project's repository URL and default branch. While these are standard informational commands, they involve direct shell execution. - [PROMPT_INJECTION] (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) as it aggregates content from arbitrary markdown files into a single context-rich file (
llms-full.txt). - Ingestion points: Reads all markdown files within the local wiki directory.
- Boundary markers (present): Uses XML-like
<doc title="..." path="...">tags to delimit individual page contents withinllms-full.txt. - Capability inventory: The skill has permissions to read/write files and execute git commands. Downstream agents reading the generated files may have broader capabilities.
- Sanitization (absent): The skill strips YAML frontmatter but performs no sanitization or escaping of the actual markdown content, allowing embedded instructions to persist in the output.
Audit Metadata