wonda-cli

Pass

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection because it ingests and processes untrusted data from external sources.
      • Ingestion points: Social media scraping via wonda scrape social, wonda x search, and wonda reddit search, as well as reading device screenshots from mobile apps via wonda device screenshot.
      • Boundary markers: No explicit instruction delimiters or boundary markers are defined to isolate untrusted content from the agent's core instructions.
      • Capability inventory: The agent has the ability to execute shell commands (via the wonda CLI), publish content to social media (wonda publish), and perform device actions (tap, type, swipe).
      • Sanitization: No sanitization or validation logic is specified for the content scraped from social media or parsed from screenshots.
  • [COMMAND_EXECUTION]: The skill relies extensively on executing the wonda CLI tool to perform its primary functions, including media generation, social media interaction, and device automation.
  • [EXTERNAL_DOWNLOADS]: The instructions direct the user to install external packages, including the vendor-provided @degausai/wonda and the third-party browser automation tool patchright via npm install.
  • [CREDENTIALS_UNSAFE]: The skill manages highly sensitive authentication data, including social media account passwords, API tokens (WONDA_API_KEY), and session identifiers for X (ct0, auth-token), LinkedIn (li_at, jsessionid), and Reddit. While it uses a vault system with encryption at rest and --password-stdin for secure input, the agent is instructed to handle and retrieve these secrets programmatically.
Audit Metadata
Risk Level: SAFE
Analyzed: May 11, 2026, 07:23 AM