llm-wiki
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes local shell commands including `find`, `rg` (ripgrep), and `mkdir` to navigate the wiki directory and search for notes. It also executes a bundled initialization script (`scripts/init-wiki.sh`) to bootstrap the directory structure and schema. These operations are constrained to the local environment and align with the skill's primary function.
- [DATA_EXFILTRATION]: The skill manages state by reading from and writing to a local configuration file (`~/.llm-wiki`) and the wiki root directory. No network operations were found that would exfiltrate this data or other sensitive system information.
- [PROMPT_INJECTION]: The skill demonstrates an indirect prompt injection surface because it is designed to ingest external content (URLs, PDFs, and files) into the local knowledge base, which is subsequently processed by the agent. Although the skill employs data provenance and hashing, this capability involves the processing of untrusted data which is a standard inherent risk for RAG-style tools.
Audit Metadata