llm-wiki
Pass
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: SAFE | COMMAND_EXECUTION | DATA_EXFILTRATION | PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands such as `find` to map the directory tree and `git log` to detect changes during updates.
- [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted data from the codebase, which creates a vulnerability surface for indirect prompt injection.
  • Ingestion points: Reads top-level files (README, package.json, Cargo.toml), metadata files (CLAUDE.md, .cursor/rules), and raw source code files during reconnaissance and core article generation.
  • Boundary markers: Absent; the instructions do not specify delimiters or instructions for the agent to disregard commands embedded in the analyzed code.
  • Capability inventory: The agent possesses capabilities to execute shell commands, read files throughout the codebase, and write to the `.llm-wiki/` directory.
  • Sanitization: Absent; the skill does not require validation or sanitization of content extracted from source files before writing them to wiki articles.
Audit Metadata