wren-generate-mdl

Pass

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill performs a version check by retrieving a JSON file from the vendor's official GitHub repository (Canner/wren-engine).
  • [COMMAND_EXECUTION]: The workflow relies on the 'wren' CLI and various database connection libraries (e.g., SQLAlchemy, psycopg) to perform schema discovery, project initialization, and validation.
  • [PROMPT_INJECTION]: There is an inherent surface for indirect prompt injection because the skill ingests metadata (table and column names) directly from a database.
    • Ingestion points: Phase 2 (Database schema introspection).
    • Boundary markers: Not present in the instructions.
    • Capability inventory: Local file system writes and CLI command execution.
    • Sanitization: No specific sanitization or escaping of database metadata is described prior to generating YAML configuration files.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 17, 2026, 06:04 PM