join-project
Pass
Audited by Gen Agent Trust Hub on Jun 10, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses several shell commands (`test`, `ls`, `grep`, `sort`, `uniq`, `head`) to inspect project files and identify frequently referenced concepts. These commands are executed locally and are restricted to checking file existence or reading content.
- [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection (Category 8) because it reads and processes data from untrusted local files (the `llmwiki/` directory) and uses this content to generate an 'Output Report'.
- Ingestion points: Reads `llmwiki/wiki/index.md`, `llmwiki/wiki/log.md`, `llmwiki/wiki/concepts/Architecture.md`, and other concept files.
- Boundary markers: None are specified; the agent is instructed to read and summarize content directly without delimiters or 'ignore' instructions.
- Capability inventory: File writing (`llmwiki/wiki/sources/draft/`), file appending (`llmwiki/wiki/index.md`, `llmwiki/wiki/log.md`), and shell execution (`grep`, `ls`).
- Sanitization: No validation or sanitization of the content read from the wiki files is performed before it is used in report generation.
- [SAFE]: There are no signs of data exfiltration, credential harvesting, obfuscation, or remote code execution. The skill does not perform any network operations.
Audit Metadata