wiki-viewer
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The script generates shell commands based on wiki seed data stored in a local database. These commands are displayed in the viewer for the user to manually copy and execute. The skill uses JSON.stringify and HTML escaping to safely construct these command strings, mitigating risks of shell injection from the source data.
- [DATA_EXFILTRATION]: While the documentation provides examples of uploading the generated wiki viewer to a public S3 bucket, the script itself performs no network operations and does not automatically exfiltrate data. The sharing of information is a manual, user-initiated process.
- [PROMPT_INJECTION]: The skill ingests untrusted markdown content from a local SQLite database and renders it in an interactive HTML format. It uses a custom markdown parser and client-side rendering which, while implementing basic security measures like HTML entity escaping, creates a potential surface for indirect injection if the input database contains malicious content.