skills/akillness/jeo-skills/llm-wiki/Gen Agent Trust Hub

llm-wiki

Pass

Audited by Gen Agent Trust Hub on Jul 1, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes several local utility scripts (scripts/bootstrap-vault.sh, scripts/ingest-url.sh, scripts/new-query-note.sh, and scripts/lint-wiki.py) to manage the file system and perform wiki maintenance tasks. These scripts are invoked via bash and are restricted to operations within the user-specified vault directory.
  • [EXTERNAL_DOWNLOADS]: The skill includes functionality to ingest external web content into the wiki using the scrapling utility. This is a primary feature of the skill, allowing the agent to capture raw source material from arbitrary URLs provided by the user.
  • [PROMPT_INJECTION]: The skill's workflow involving the summarization of external web pages and local files introduces a surface for Indirect Prompt Injection.
  • Ingestion points: External content enters the context via scripts/ingest-url.sh (URL scraping) and the raw/sources/ directory (local file ingest).
  • Boundary markers: The AGENTS.md file establishes a schema that instructs the agent to treat raw/ as an immutable source of truth and wiki/ as a maintained artifact, providing structural guidance to the model.
  • Capability inventory: The skill possesses capabilities for web fetching (WebFetch tool and Scrapling), file reading/writing, and executing local shell scripts.
  • Sanitization: There is no explicit sanitization of fetched content; the skill relies on the LLM's inherent processing and the structural rules defined in the schema to maintain safety.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 1, 2026, 03:05 PM
Security Audit — agent-trust-hub — llm-wiki