wiki-discover
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes
git status --shortandgit diffto identify candidate files for the wiki. These are standard development operations restricted to the local repository environment.- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it reads and processes the content of untrusted project files (e.g., markdown and YAML). This risk is thoroughly mitigated by the following factors: 1. Ingestion points: Project files matching specific extensions (*.md, *.yaml). 2. Boundary markers: None explicitly defined in the skill logic. 3. Capability inventory: The skill can copy files, delete files, and modify the wiki manifest. 4. Sanitization/Control: Critical actions (deleting originals, updating the manifest) are gated by mandatory human-in-the-loop confirmation via theAskUserQuestiontool, preventing unauthorized or automated exploitation.
Audit Metadata