wren-http-api

Pass

Audited by Gen Agent Trust Hub on Mar 26, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill performs an automated version check by fetching a JSON file from the author's official GitHub repository (https://raw.githubusercontent.com/Canner/wren-engine/main/skills/versions.json). This is standard practice for keeping a skill up to date.
  • [COMMAND_EXECUTION]: The skill utilizes common shell utilities including curl, bash, jq, sed, and awk to facilitate communication with a locally running Wren MCP server. These tools are used for their intended purposes (HTTP communication and data parsing).
  • [COMMAND_EXECUTION]: The helper script scripts/session.sh uses a small Python snippet (python3 -c) to parse JSON responses from the server. The execution is limited to processing data from a pipe and does not incorporate unsanitized external strings into the command logic.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes and displays text content retrieved from the Wren MCP server. Since this data originates from an external service (potentially connected to live databases), it presents an attack surface where malicious instructions embedded in the data could influence the agent.
      • Ingestion points: Tool call responses retrieved via curl in SKILL.md and scripts/session.sh.
      • Boundary markers: None identified; the skill directly extracts and recommends printing the text content.
      • Capability inventory: Subprocess execution via bash, curl, and python3.
      • Sanitization: None; data is parsed as JSON but the resulting text is used without escaping.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 26, 2026, 05:01 PM