wiki-ingest
Warn
Audited by Gen Agent Trust Hub on Apr 25, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute a local Bash script
./scripts/allocate-address.shto handle address allocation. Executing local scripts introduces a risk if the script environment or the script itself is compromised. - [COMMAND_EXECUTION]: Shell commands are utilized for logic checks and data processing, including md5sum for hashing, which for tool detection, and file system existence tests.
- [EXTERNAL_DOWNLOADS]: The skill uses the WebFetch tool to retrieve content from user-provided URLs. This external content is then processed and integrated into the local wiki system.
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface: 1. Ingestion points: Untrusted data enters the context through WebFetch (URLs) and processed local files in the .raw/ directory. 2. Boundary markers: The instructions lack explicit delimiters or safety warnings to ignore instructions embedded within the ingested source material. 3. Capability inventory: The skill possesses capabilities to write files to the local system and execute shell scripts/commands. 4. Sanitization: There is no mention of sanitizing or validating external content before it is parsed for entities and concepts by the AI.
Audit Metadata