wiki-ingest
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to process untrusted data from a queue, creating a surface for indirect prompt injection. It proactively addresses this via a 'Content Trust Boundary' section (SKILL.md, lines 144-156) that instructs the agent to treat ingested content as data rather than instructions.
  1. Ingestion points: File reading in SKILL.md (Step 1 and 2a).
  2. Boundary markers: Explicit instructions to the agent to ignore embedded commands.
  3. Capability inventory: Filesystem search, read, write, and move operations.
  4. Sanitization: Agent-level instructions to differentiate data from instructions.
- [COMMAND_EXECUTION]: The skill requires filesystem access for its core functions but includes a mandatory 'Scope check' (SKILL.md, Step 2) that forbids the agent from searching or accessing sensitive system-level directories if the provided scope is too broad.