llm-wiki
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes shell commands including find, grep, ls, mkdir, and cat to manage the wiki's directory structure and index files. These commands are executed within the local ~/llm-wiki environment to support automated file discovery and metadata extraction.
- [EXTERNAL_DOWNLOADS]: The skill contains instructions to fetch content from external URLs for summarization and archival. This functionality is intended for knowledge ingestion and does not involve hidden or unauthorized network operations.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its processing of untrusted external content.
  - Ingestion points: Untrusted data is ingested via add.md from the raw/ directory and user-supplied URLs.
  - Boundary markers: Absent.
  - Capability inventory: Subprocess calls (find, grep, ls, mkdir, cat) and file-write operations are used throughout init.md, add.md, compound.md, lint.md, and query.md.
  - Sanitization: Absent.
  - Assessment: The risk is safe given the skill's restricted scope and lack of dangerous tools like eval or arbitrary command execution based on ingested data.
Audit Metadata