llm-wiki
Pass
Audited by Gen Agent Trust Hub on Jul 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes several local utility scripts (
scripts/bootstrap-vault.sh,scripts/ingest-url.sh,scripts/new-query-note.sh, andscripts/lint-wiki.py) to manage the file system and perform wiki maintenance tasks. These scripts are invoked via bash and are restricted to operations within the user-specified vault directory. - [EXTERNAL_DOWNLOADS]: The skill includes functionality to ingest external web content into the wiki using the
scraplingutility. This is a primary feature of the skill, allowing the agent to capture raw source material from arbitrary URLs provided by the user. - [PROMPT_INJECTION]: The skill's workflow involving the summarization of external web pages and local files introduces a surface for Indirect Prompt Injection.
- Ingestion points: External content enters the context via
scripts/ingest-url.sh(URL scraping) and theraw/sources/directory (local file ingest). - Boundary markers: The
AGENTS.mdfile establishes a schema that instructs the agent to treatraw/as an immutable source of truth andwiki/as a maintained artifact, providing structural guidance to the model. - Capability inventory: The skill possesses capabilities for web fetching (WebFetch tool and Scrapling), file reading/writing, and executing local shell scripts.
- Sanitization: There is no explicit sanitization of fetched content; the skill relies on the LLM's inherent processing and the structural rules defined in the schema to maintain safety.
Audit Metadata