wiki-ingest
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection because it processes untrusted external data to perform file system operations.
- Ingestion points: The workflow accepts pasted text, specific file paths (including md, txt, and pdf), and directory paths for batch processing as seen in SKILL.md.
- Boundary markers: Absent. There are no instructions or delimiters defined to separate the instructions of the skill from the content of the documents being ingested.
- Capability inventory: The skill possesses file read/write capabilities and directory creation permissions within the project workspace (primarily the
wiki/directory) as described in the workflow steps of SKILL.md. - Sanitization: Absent. There is no evidence of content validation or filtering to prevent malicious instructions embedded in the source documents from being executed or influencing the agent's logic during the ingestion process.
Audit Metadata