llm-wiki
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXPOSURE_AND_EXFILTRATION]: The skill instructions specify paths for accessing sensitive user data, including Claude, Copilot, and Hermes conversation histories, to facilitate local knowledge distillation. This access is restricted to the local environment and is necessary for the skill's primary function of building a personal wiki.
- [INDIRECT_PROMPT_INJECTION]: The skill architecture is designed to ingest and process untrusted external data (web articles, PDFs, notes), which presents an inherent surface for indirect prompt injection. Malicious instructions embedded in source documents could potentially influence the agent's behavior during distillation.
- Ingestion points: Raw document directories and conversation logs specified via environment variables.
- Boundary markers: Implements provenance markers such as
^[inferred]and^[ambiguous]to track the reliability of synthesized claims. - Capability inventory: Outlines operations for file access, content extraction via grep, and link management across the wiki framework.
- Sanitization: The pattern focuses on synthesis and structured compilation, with input validation expected to be managed by the companion ingestion skills.
Audit Metadata