wonda-cli
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill guides the installation of the `@degausai/wonda` package from npm and a Homebrew tap. It also includes a setup step for a 'stealth-browser' which downloads Chromium and the Patchright driver for automation tasks. These are legitimate resources provided by the vendor.
- [COMMAND_EXECUTION]: The instructions involve executing common media processing tools such as `ffmpeg` and `ffprobe` for video transformation, as well as `yt-dlp` for downloading video content from external sources.
- [DATA_EXFILTRATION]: The skill includes a 'Credentials vault' feature designed to store and retrieve login information for third-party websites like Instagram and TikTok. While this involves sensitive data, it is documented as a primary feature of the toolkit using AES-256-GCM encryption.
- [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface as it is designed to ingest and process untrusted content from social media platforms (X, Reddit, LinkedIn).
  - Ingestion points: Data is pulled through commands like `wonda x search`, `wonda reddit feed`, and `wonda scrape social`.
  - Boundary markers: No explicit boundary markers or instructions to ignore embedded commands are present in the guides.
  - Capability inventory: The agent has access to file writing, network operations via the CLI, and subprocess execution for media tools.
  - Sanitization: The instructions do not specify any validation or sanitization protocols for external data before processing.
Audit Metadata