wiki-commit
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes various Git CLI tools (git remote, git fetch, git pull, git status, git commit, git push) to perform its primary function. These commands interact directly with the underlying operating system's shell.
- [EXTERNAL_DOWNLOADS]: The skill performs network synchronization by fetching and pulling data from configured Git remotes. This involves downloading data from external sources specified in the repository's configuration.
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks due to its data processing workflow.
- Ingestion points: The agent reads file names from git status, analyzes the content of changed documents to summarize them, and parses the wiki-manifest.yaml file for conflict resolution.
- Boundary markers: There are no explicit markers or instructions to isolate the content of documents from the agent's instructions during the summarization phase.
- Capability inventory: The skill possesses the ability to perform file system modifications (via Git) and network transmissions (git push).
- Sanitization: The skill does not describe any sanitization logic for the content it reads. However, the workflow enforces a human-in-the-loop checkpoint using the AskUserQuestion tool before any changes are committed or pushed, which significantly reduces the risk of automated exploitation.
Audit Metadata