llm-wiki
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The installation scripts fetch setup utilities for the Bun runtime and the UV toolchain from their official domains (
bun.shandastral.sh). These are recognized well-known services in the development ecosystem. - [REMOTE_CODE_EXECUTION]: Piped shell execution is used in
install.shto install necessary developer runtimes. These operations originate from the trusted official domains of the tools being installed. - [COMMAND_EXECUTION]: The skill executes a suite of local utility scripts (Bash, Node.js, Python) to manage the knowledge base lifecycle, analyze data, and generate visualizations. These scripts are included within the skill package.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests content from external URLs and local files for AI processing. The skill implements a mandatory privacy self-check to mitigate the risk of processing sensitive information.
Audit Metadata