Skills
skills/zurybr/codewiki-cli/codewiki/Gen Agent Trust Hub

codewiki

Pass

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The Python wrapper codewiki.py utilizes subprocess.run to call the local Node.js scraper tool. This is a common pattern for integrating tools across different runtime environments.
  • [EXTERNAL_DOWNLOADS]: The documentation points to the author's GitHub repository (github.com/zurybr/codewiki-cli) for installation, and the tool performs automated browsing of the codewiki.google domain to extract documentation data.
  • [PROMPT_INJECTION]: The skill scrapes and outputs external content from the web, which creates a potential surface for indirect prompt injection if the source content contains adversarial instructions.
  • Ingestion points: codewiki.js extracts content from https://codewiki.google/ using Puppeteer's page.evaluate().
  • Boundary markers: The scraped data is printed to standard output without specific delimiters or warnings to differentiate external content from agent instructions.
  • Capability inventory: The skill possesses the ability to launch a browser (puppeteer) and execute subprocesses (subprocess.run).
  • Sanitization: No sanitization or filtering is applied to the extracted innerText before it is displayed to the user or agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 7, 2026, 08:40 AM