wiki-ingest
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Indirect prompt injection surface identified.
- Ingestion points: External source files (transcripts, PDFs, markdown) located in the `raw/` directory.
- Boundary markers: No specific delimiters or boundary markers are used for source content ingestion.
- Capability inventory: Writing and updating files in the `wiki/` directory, updating local index files, and executing search commands.
- Sanitization: No explicit sanitization or filtering of source content is described.
- Mitigation: The skill implements a mandatory human-in-the-loop checkpoint where extracted points and matched pages are presented to the user for confirmation before any modifications occur, neutralizing the risk of unintended behavior from malicious source data.
- [COMMAND_EXECUTION]: The skill utilizes local CLI tools (`grep`, `qmd`) for content discovery. It follows security best practices by explicitly instructing the agent not to run indexing or embedding commands automatically, requiring manual user execution for state-changing operations.
Audit Metadata