wren-usage
Pass
Audited by Gen Agent Trust Hub on May 22, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches versioning data from the official WrenAI GitHub repository to verify updates and recommends using official vendor packages via pip and npx.
- [COMMAND_EXECUTION]: Employs the
wrenCLI for core functionalities including database connection management, SQL execution, and semantic model indexing. - [INDIRECT_PROMPT_INJECTION]:
- Ingestion points: Ingests external data through
wren context instructionsandwren memory recallto guide agent behavior. - Boundary markers: Does not implement specific delimiters or 'ignore embedded instructions' markers for data retrieved from the project context or memory.
- Capability inventory: The skill allows the execution of arbitrary SQL queries against connected databases, installation of Python packages, and modification of database connection profiles.
- Sanitization: The agent is instructed to treat fetched context as overriding rules without an explicit validation or sanitization step for the content retrieved.
Audit Metadata