wiki-agent
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests raw conversation history from multiple agents (Claude, Codex, Hermes, OpenClaw, Copilot) without using boundary markers or sanitization. This could allow past adversarial instructions to influence the current agent session.
- Ingestion points: Conversation logs in ~/.claude, ~/.codex, ~/.hermes, ~/.openclaw, and ~/.copilot.
- Boundary markers: Absent; extracted content is distilled directly into wiki pages without delimiters or 'ignore' instructions.
- Capability inventory: The skill involves file reads/writes and shell command execution (find, grep).
- Sanitization: No sanitization or filtering of historical content is mentioned.- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands like 'grep' and 'find' using user-provided queries. Evidence: Step 4 explicitly suggests interpolating user input as 'grep -i ""', which presents a command injection surface if the executing agent does not sanitize the input.
Audit Metadata