Skills
skills/sanyuan0704/code-review-expert/wiki-ingest/Gen Agent Trust Hub

wiki-ingest

Pass

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection during the knowledge extraction phase. It processes untrusted input from user-provided text, files, and directories to create and update wiki pages. Without explicit boundary markers or instructions to ignore embedded commands, an attacker could include malicious directives in a document that the agent might inadvertently follow while 'ingesting' the content.
  • Ingestion points: SKILL.md (Workflow Step 1: Accept user-specified content source).
  • Boundary markers: Absent; the skill does not instruct the agent to delimit or ignore instructions within the source text.
  • Capability inventory: File system read and write access for creating, updating, and appending to markdown files in the wiki/ directory (SKILL.md steps 2, 4, 5, 6, and 7).
  • Sanitization: Absent; content is extracted and formatted directly into templates without validation or escaping.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 14, 2026, 06:51 AM