wiki-init
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill establishes an indirect prompt injection surface by creating a mechanism for ingesting untrusted external data that can influence future agent reasoning and responses.\n
- Ingestion points: External URLs and file paths are downloaded into the repository under
.red/wiki/raw/during the/wiki ingestoperation (defined inschema-template.md).\n - Boundary markers: The skill includes instructional safeguards requiring the agent to "Discuss key takeaways with the user before writing" and utilizes structured markdown templates for entities and concepts to delineate ingested data from agent instructions.\n
- Capability inventory: The skill performs file system operations (creating directories and writing markdown files) and repository configuration updates (
CLAUDE.md,AGENTS.md,.gitignore). It also uses subprocess tools likegrep,ripgrep, andpdftotextfor search and extraction.\n - Sanitization: There is no automated sanitization of ingested content for malicious instructions; reliance is placed on the LLM's summarization process and the human-in-the-loop discussion step.\n- [COMMAND_EXECUTION]: The skill uses various command-line utilities for repository analysis and data processing.\n
- Evidence: Use of
git config,git shortlog,gh repo viewto determine repo settings, andgrep,ripgrep, andpdftotextfor wiki search and content extraction functionality as documented inschema-template.md.\n- [EXTERNAL_DOWNLOADS]: The skill includes functionality to fetch remote data from the internet.\n - Evidence: The ingestion process specifically mentions using tools like "WebFetch or similar" to download remote URL content into the local repository storage.
Audit Metadata