wiki-query

Warn

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [DYNAMIC_EXECUTION]: The script scripts/query.js uses require() to load a module from a path computed at runtime (distPath). This module is expected to be at a location relative to the script's directory. Dynamic loading from computed paths is a security risk as it can be exploited to execute arbitrary code if the filesystem environment or the path variables are manipulated.
  • [INDIRECT_PROMPT_INJECTION]: This skill processes content from a wiki database and provides it to the AI agent's context, creating a surface for indirect attacks.
    • Ingestion points: Data enters the context via the store.searchWiki and store.getWikiPage functions in scripts/query.js.
    • Boundary markers: There are no boundary markers or instructions to isolate the retrieved wiki content, increasing the risk that the agent interprets data as instructions.
    • Capability inventory: The skill possesses the ability to execute shell commands and access the filesystem via Node.js.
    • Sanitization: The script performs formatting for display but does not include any sanitization to detect or neutralize prompt injection patterns within the wiki data.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 12, 2026, 12:22 PM