wonda-cli

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION

Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill guides the installation of the @degausai/wonda package from npm and a Homebrew tap. It also includes a setup step for a 'stealth-browser' which downloads Chromium and the Patchright driver for automation tasks. These are legitimate resources provided by the vendor.
  • [COMMAND_EXECUTION]: The instructions involve executing common media processing tools such as ffmpeg and ffprobe for video transformation, as well as yt-dlp for downloading video content from external sources.
  • [DATA_EXFILTRATION]: The skill includes a 'Credentials vault' feature designed to store and retrieve login information for third-party websites like Instagram and TikTok. While this involves sensitive data, it is documented as a primary feature of the toolkit using AES-256-GCM encryption.
  • [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface as it is designed to ingest and process untrusted content from social media platforms (X, Reddit, LinkedIn).
      • Ingestion points: Data is pulled through commands like wonda x search, wonda reddit feed, and wonda scrape social.
      • Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are present in the guides.
      • Capability inventory: The agent has access to file writing, network operations via the CLI, and subprocess execution for media tools.
      • Sanitization: The instructions do not specify any validation or sanitization protocols for external data before processing.

Audit Metadata
Risk Level: SAFE
Analyzed: May 18, 2026, 07:30 AM