wiki-workflow
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to fetch content from external URLs during the INGEST operation to save them into the wiki sources directory.
- [COMMAND_EXECUTION]: Employs standard system utilities such as
ls,mkdir,cat, andrg(ripgrep) to manage the directory structure, log edits, and search through markdown files in/code/wiki/. - [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks as it processes and stores data from untrusted external sources (URLs and files) which are later retrieved for synthesis.
- Ingestion points: Data enters the system via URL fetching or file reading during the
INGESTphase (SKILL.md). - Boundary markers: While the skill uses YAML frontmatter to organize metadata, it lacks explicit delimiters or instructions to the agent to disregard potential instructions embedded within the ingested source text.
- Capability inventory: The agent has the ability to read and write to the local filesystem and perform network fetches.
- Sanitization: There is no mention of sanitizing or escaping the content retrieved from external sources before it is stored or used in the
QUERYsynthesis phase.
Audit Metadata