llm-wiki
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection within the 'ingestor' sub-agent workflow. * Ingestion points: The agent is instructed to read and integrated arbitrary content from untrusted external sources placed in the 'raw/' directory. * Boundary markers: The instructions lack delimiters or specific directives to ignore instructions that might be embedded within the source materials. * Capability inventory: The agent possesses file-read, file-write, and shell-execution capabilities which could be abused if the agent obeys malicious instructions found in ingested data. * Sanitization: No validation or filtering is performed on external content before it is compiled into the wiki.
- [COMMAND_EXECUTION]: The 'schema-writer' agent is instructed to execute shell commands ('mkdir -p' and 'touch') to initialize a persistent directory structure. This operation modifies the user's file system, specifically creating a global hidden directory at '~/.learnwy/llm-wiki/'.
Audit Metadata