wiki-ingest
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted documents from the raw/ folder, creating an indirect prompt injection surface. This is mitigated by a 'Content Trust Boundary' section that explicitly forbids the execution of commands or instructions found in source documents.
  - Ingestion points: files within the raw/ directory as described in SKILL.md.
  - Boundary markers: the 'Content Trust Boundary' section in SKILL.md provides explicit rules for ignoring embedded instructions.
  - Capability inventory: filesystem read, write, move, and search operations, along with optional PDF and image processing.
  - Sanitization: instructions strictly mandate treating all ingested content as data for synthesis rather than directives to follow.
- [COMMAND_EXECUTION]: The agent utilizes filesystem tools to perform necessary operations such as configuration discovery, document reading, wiki page creation, and file archival to the ingested/ directory. These actions are within the intended functional scope of the skill.
- [SAFE]: Implements a mandatory scope check that halts operation if the wiki root is determined to be a sensitive system directory, such as the OS root or a user home folder.
- [SAFE]: External documentation links point to the author's official GitHub repository (github.com/vanillaflava/llm-wiki-skills), which is considered a legitimate vendor resource.