wt-idea
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local shell commands including
git status,find,git rev-parse,wt config, andrg(ripgrep) to understand the project structure and gather context. These are standard operations for a development-focused agent skill. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core function of ingesting data from the local repository and external research sources.
- Ingestion points: Content is read from various project directories (
docs,app,resources,tests) and gathered via external research capabilities when seeking best practices. - Boundary markers: There are no explicit delimiters or specific 'ignore embedded instructions' warnings applied to the data being searched or retrieved.
- Capability inventory: The skill possesses the ability to execute shell commands and write research artifacts in TOML format to the local file system.
- Sanitization: The instructions do not specify any validation or sanitization for the content retrieved from external sources before it is processed or stored.
- [DATA_EXFILTRATION]: The skill proactively mitigates data exposure risks by instructing the agent to 'Never read secret files such as .env' during its evidence-gathering phase.
Audit Metadata