llm-wiki
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from external sources like URLs, PDFs, and existing notes to synthesize wiki content. Malicious instructions embedded in these sources could potentially influence the agent's behavior.
  - Ingestion points: The 'Ingest sources' and 'Migrate existing notes' sections in SKILL.md process external data.
  - Boundary markers: Absent. The skill lacks instructions to wrap ingested content in delimiters or to ignore embedded instructions.
  - Capability inventory: The skill has significant capabilities, including local file system read/write access and terminal command execution via find and ripgrep.
  - Sanitization: Absent. There is no mention of sanitizing or validating external content before it is incorporated into the wiki.
- [COMMAND_EXECUTION]: The skill utilizes shell commands (find, rg, sed, sort, comm, tail) for wiki maintenance, health-checks, and migration tasks. It explicitly allows the use of user-provided directory paths as the wiki root, which presents a surface for command injection if the agent environment does not properly sanitize input before shell execution.
- [EXTERNAL_DOWNLOADS]: The skill is designed to fetch content from remote URLs and PDFs to build and update the knowledge base, using both standard fetching and browser-based rendering for JavaScript-heavy sites.
Audit Metadata