Skills
skills/agentconnect/awiki-cli/awiki-workflow-discovery/Gen Agent Trust Hub

awiki-workflow-discovery

Pass

Audited by Gen Agent Trust Hub on Apr 12, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the awiki-cli tool via shell execution to perform operations such as group get, group members, and id profile get. These commands utilize user-provided inputs like <group_did> and <handle> as arguments.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from external sources.
  • Ingestion points: awiki-cli group messages and awiki-cli msg history (SKILL.md).
  • Boundary markers: No specific delimiters or instructions to ignore embedded commands within the fetched messages are defined.
  • Capability inventory: The agent has access to Bash(awiki-cli:*) to query social and identity data.
  • Sanitization: There is no evidence of sanitization, filtering, or validation of the message content before it is processed by the assistant.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 12, 2026, 12:49 PM