awiki-msg

Pass

Audited by Gen Agent Trust Hub on Apr 12, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute awiki-cli for core messaging functions such as sending messages, retrieving inboxes, and viewing history.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface when the agent retrieves and processes messages from other users.
    • Ingestion points: External data enters the agent context through the awiki-cli msg inbox and awiki-cli msg history commands specified in SKILL.md.
    • Boundary markers: No specific delimiters or instructions are provided to the agent to distinguish message content from executable instructions.
    • Capability inventory: The agent can execute commands like msg send and msg mark-read, which could be abused if malicious instructions are embedded in received messages.
    • Sanitization: There is no evidence of sanitization or content validation for the data returned by the messaging commands.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 12, 2026, 12:49 PM
Security Audit — agent-trust-hub — awiki-msg