wiki-workflow

Pass

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to fetch content from external URLs during the INGEST operation to save them into the wiki sources directory.
  • [COMMAND_EXECUTION]: Employs standard system utilities such as ls, mkdir, cat, and rg (ripgrep) to manage the directory structure, log edits, and search through markdown files in /code/wiki/.
  • [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks as it processes and stores data from untrusted external sources (URLs and files) which are later retrieved for synthesis.
  • Ingestion points: Data enters the system via URL fetching or file reading during the INGEST phase (SKILL.md).
  • Boundary markers: While the skill uses YAML frontmatter to organize metadata, it lacks explicit delimiters or instructions to the agent to disregard potential instructions embedded within the ingested source text.
  • Capability inventory: The agent has the ability to read and write to the local filesystem and perform network fetches.
  • Sanitization: There is no mention of sanitizing or escaping the content retrieved from external sources before it is stored or used in the QUERY synthesis phase.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 16, 2026, 05:39 PM
Security Audit — agent-trust-hub — wiki-workflow