wiki-policy-check
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFE
Tags: PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection from untrusted repository documentation.
  - Ingestion points: The skill reads CLAUDE.md, AGENTS.md, .wiki-guardrails.yml, and every .md file found in the repository.
  - Boundary markers: None. The instructions do not specify the use of delimiters or 'ignore embedded instructions' markers when reading external files.
  - Capability inventory: The agent can list directory contents, read arbitrary local files, and potentially perform network requests if the wiki location is set to an external URL.
  - Sanitization: None. Content from markdown files is processed directly to identify patterns without escaping or validation.
- [DATA_EXFILTRATION]: The skill aggregates sensitive business context and identifies external destinations via local configuration.
  - Sensitive Data Identification: The skill specifically targets high-value data such as 'Pricing / monetization', 'Compliance posture' (GDPR, LGPD), and 'Customer-facing policies'.
  - External Communication: The 'wiki location' can be an external URL defined in repository-level configuration files.
  - Risk: A malicious repository configuration could define an attacker-controlled URL as the wiki destination, causing the agent to transmit aggregated business logic during the 'cross-check' phase.
Audit Metadata