wiki-enrich

Warn

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill dynamically resolves the file paths for utility scripts like research_wiki.py and DEEPXIV_FETCHER using shell logic, then executes them via python3. Executing code from paths determined at runtime is a risk factor.
  • [EXTERNAL_DOWNLOADS]: Fetches research data from the ArXiv API and AlphaXiv overview pages.
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection.
    • Ingestion points: External research paper summaries are retrieved via WebFetch and curl from remote sources.
    • Boundary markers: The skill lacks explicit delimiters or instructions for the agent to ignore potentially malicious directions embedded within the fetched text.
    • Capability inventory: The agent can modify local files through the Edit tool and execute shell commands via Bash, which could be leveraged if malicious instructions were present in a processed research abstract.
    • Sanitization: There is no documented validation or sanitization of the fetched external text before it is processed by the agent to generate wiki updates.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Jun 20, 2026, 11:11 PM
Security Audit — agent-trust-hub — wiki-enrich