wiki-qa
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- Command Execution: The skill utilizes local Git commands (
git remoteandgit rev-parse) to resolve the repository's origin and branch name. This is a legitimate use of tool capabilities to provide the user with accurate, clickable links to source files. - Source Code Analysis Surface: The skill processes local source code to generate answers. As with any tool that interprets external data, there is a theoretical surface for instructions embedded in files (indirect prompt injection) to influence the agent. The skill's instructions to ground all answers strictly in source code evidence help mitigate this by providing clear constraints on the agent's behavior.
- Local File Access: The skill searches and reads files within the repository to answer user queries. This is the intended primary purpose of the skill, though users should be mindful of what sensitive information might be contained in the codebase being analyzed.
Audit Metadata