wiki-viewer

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The script generates shell commands based on wiki seed data stored in a local database. These commands are displayed in the viewer for the user to manually copy and execute. The skill uses JSON.stringify and HTML escaping to safely construct these command strings, mitigating risks of shell injection from the source data.
  • [DATA_EXFILTRATION]: While the documentation provides examples of uploading the generated wiki viewer to a public S3 bucket, the script itself performs no network operations and does not automatically exfiltrate data. The sharing of information is a manual, user-initiated process.
  • [PROMPT_INJECTION]: The skill ingests untrusted markdown content from a local SQLite database and renders it in an interactive HTML format. It uses a custom markdown parser and client-side rendering, which implement basic security measures such as HTML entity escaping but still create a potential surface for indirect injection if the input database contains malicious content.
Audit Metadata
Risk Level: SAFE
Analyzed: May 12, 2026, 12:22 PM
Security Audit — agent-trust-hub — wiki-viewer