llm-wiki

Warn

Audited by Gen Agent Trust Hub on Apr 27, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to install an external, global Node.js package (obsidian-headless) and references an external repository (atomicmemory/llm-wiki-compiler). These resources are provided by third parties and are not from recognized trusted vendors.
  • [COMMAND_EXECUTION]: The skill utilizes several shell commands for file management, environment configuration, and software installation. It specifically provides a template for creating and enabling a systemd user service to maintain a persistent background process.
  • [COMMAND_EXECUTION]: The 'Lint' functionality provides a Python code block designed to be run via execute_code. This script performs programmatic file system operations across the wiki directory structure.
  • [CREDENTIALS_UNSAFE]: The documentation for setting up headless synchronization instructs the user to enter their account email and password directly into a CLI command (ob login --email <email> --password '<password>'). This practice exposes sensitive credentials in shell history and process lists.
  • [PROMPT_INJECTION]: The skill is designed to ingest data from external URLs and raw files which are then processed, summarized, and stored. This creates an attack surface for indirect prompt injection, as the agent is directed to follow instructions or synthesize information from these untrusted external sources without defined sanitization steps or boundary markers.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 27, 2026, 06:02 AM