skills/yeachan-heo/oh-my-codex/wiki/Gen Agent Trust Hub

wiki

Pass

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill defines a surface for indirect prompt injection by instructing the agent to read and ingest knowledge from markdown files. If these files contain malicious instructions from the project environment, they could influence agent behavior.
      ◦ Ingestion points: Markdown files stored in .omx/wiki/ and configuration in .omx-config.json.
      ◦ Boundary markers: Absent; no specific delimiters are defined to help the agent distinguish between data and instructions within the wiki pages.
      ◦ Capability inventory: Reading, writing, and listing files in the local project directory.
      ◦ Sanitization: Absent; no content validation is mentioned.
  • [COMMAND_EXECUTION]: The skill defines operations for file management (ingest, add, list, read, delete, lint) within the local .omx/wiki/ directory. These operations rely on the agent's filesystem tools.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 13, 2026, 08:43 AM