wiki-architect
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by design as it ingests and processes untrusted data from repository file structures and contents.
- Ingestion points: The skill scans repository file trees, README files, and source code contents to generate documentation structures (SKILL.md).
- Boundary markers: No delimiters or instructions to ignore embedded commands are specified for the processed content, which may lead the agent to follow malicious instructions hidden in a repository.
- Capability inventory: Analysis of all procedures shows the skill is restricted to reading file structures and outputting JSON documentation; it has no capabilities for network operations, file writing, or command execution.
- Sanitization: There are no documented mechanisms for sanitizing or validating the data retrieved from external codebases before it is used in documentation prompts.
Audit Metadata