Skills
skills/toolboxmd/karpathy-wiki/using-karpathy-wiki/Gen Agent Trust Hub

using-karpathy-wiki

Pass

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute several shell commands to manage wiki data.
  • Evidence in SKILL.md: Uses mv <subagent-report-path> <wiki>/inbox/<basename>, wiki ingest-now <wiki>, bin/wiki capture, and wiki use project|main|both to perform operations.
  • [PROMPT_INJECTION]: The skill presents a significant indirect prompt injection surface (Category 8) due to its core design of capturing and later reading external data.
  • Ingestion points: External findings from research subagents, web search results, and user-provided documents or URLs are ingested into the wiki system (SKILL.md).
  • Boundary markers: There are no explicit instructions in this loader for sanitizing or wrapping ingested data with boundary markers to prevent the agent from obeying instructions embedded in that data.
  • Capability inventory: The agent has the capability to execute shell commands (mv, wiki) and perform file system operations based on the ingested content (SKILL.md).
  • Sanitization: No sanitization or validation protocols are mentioned for processing the external data before it is read back into the context during the 'Orientation' phase.
  • [EXTERNAL_DOWNLOADS]: The skill's workflow frequently involves fetching data from the web or other external sources.
  • Evidence in SKILL.md: Triggers for capture include 'web search', 'doc fetch', and 'user pastes a URL', which implies the retrieval of external content into the agent's environment.
Audit Metadata
Risk Level
SAFE
Analyzed
May 11, 2026, 11:31 AM