wiki-crystallize
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes filesystem read and write capabilities to manage wiki files within a user-defined directory.
- Evidence: The skill performs extensive file operations (reading config/schema, writing new pages, updating index/log files) but includes a protective 'Scope check' in
SKILL.mdthat mandates an immediate stop if the access scope is directed at system roots or user home directories. - [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it is designed to ingest and process untrusted text, such as chat transcripts or research notes.
- Ingestion points: User-provided transcripts, research notes, or thread summaries (Workflow Step 2 in
SKILL.md). - Boundary markers: The instructions do not specify the use of delimiters or 'ignore' instructions for the processed data.
- Capability inventory: Extensive filesystem read/write operations (Steps 4a, 4b, 5, 7 in
SKILL.md). - Sanitization: There are no explicit instructions to sanitize or validate the content of the ingested data before it is written to the wiki files. However, this is a common characteristic of data-processing skills and is mitigated by the skill's highly structured workflow.
Audit Metadata