
llm-wiki

Pass

Audited by Gen Agent Trust Hub on May 30, 2026

Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill references its official GitHub repository at github.com/nashsu/llm_wiki_skill.git for installation and updates. This is a vendor-controlled resource and follows standard distribution practices.
  • [DATA_EXFILTRATION]: The skill is designed to read local data from the LLM Wiki desktop application via an API on 127.0.0.1:19828. This is the primary intended function of the skill. The instructions specify that data access is restricted to an allow-list of paths (e.g., wiki/**) and text-based extensions.
  • [CREDENTIALS_UNSAFE]: The documentation discusses the use of an API token (LLM_WIKI_API_TOKEN) for local authentication. It provides best-practice guidance, instructing the agent to use environment variables for the token and explicitly warning the agent never to log or echo the token in its output or URLs.
  • [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface, as it ingests content from a user's wiki pages.
      • Ingestion points: GET /api/v1/projects/{id}/files/content (documented in SKILL.md and api-reference.md).
      • Boundary markers: Not explicitly provided in the instruction prompts for the content read.
      • Capability inventory: The agent is instructed to use standard HTTP tools (curl, fetch) to communicate with the local API.
      • Sanitization: No explicit sanitization or filtering of the retrieved wiki content is mentioned in the skill instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: May 30, 2026, 03:09 PM
Security Audit — agent-trust-hub — llm-wiki