llm-wiki
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill defines an architecture for ingesting untrusted external data (articles, papers, transcripts), which introduces a surface for indirect prompt injection.
  - Ingestion points: Content is read from the `raw/` directory as described in `SKILL.md` (Phase 2).
  - Boundary markers: Absent; the documentation does not specify delimiters to separate untrusted content from agent instructions.
  - Capability inventory: The skill has capabilities to read/write files and execute `git mv` as documented in `SKILL.md` phases 1 through 5.
  - Sanitization: Absent; no mention of filtering or sanitizing external content before processing.
- [COMMAND_EXECUTION]: The `scripts/validate.sh` file contains shell commands for internal structural validation.
  - Evidence: Uses `grep`, `head`, and `bash -c` to check for specific strings within the skill's own `SKILL.md` file. These operations are static, perform read-only checks on project metadata, and are restricted to the skill's directory.
Audit Metadata