Skills
skills/aikarjal/wilmai/wilma-triage/Gen Agent Trust Hub

wilma-triage

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill metadata specifies access to sensitive local configuration files: ~/.config/wilmai/config.json and ~/Library/Application Support/gogcli/. These files are expected to contain authentication tokens for Wilma and Google services.
  • [PROMPT_INJECTION]: The skill processes untrusted data from school messages and bulletins, which presents an indirect prompt injection surface.
  • Ingestion points: Output from wilma summary, wilma messages, and wilma news commands which fetch text from school teachers and administrators.
  • Boundary markers: Absent; the agent is not instructed to use delimiters or specific safety instructions when processing message content.
  • Capability inventory: The agent has the ability to execute wilma and gog CLI commands, enabling it to write to or modify the user's Google Calendar based on the content of these messages.
  • Sanitization: No sanitization or validation of the message text is provided before it is interpreted by the agent.
  • [COMMAND_EXECUTION]: The skill workflow involves executing shell commands via the wilma and gog CLI utilities to perform data retrieval and synchronization tasks.
Audit Metadata
Risk Level
SAFE
Analyzed
May 12, 2026, 01:19 PM