Skills
skills/hoetaek/wt/wt-land/Gen Agent Trust Hub

wt-land

Pass

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill relies on executing local shell commands including git and a custom CLI tool named wt. It includes instructions to run binaries from local paths such as ./target/debug/wt, which is consistent with its intended use in a development environment.
  • [INDIRECT_PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection as it ingests untrusted data from the repository, such as git commit messages, branch names, and diff outputs (e.g., via git log and git diff).
  • Ingestion points: git log, git diff, wt inspect, and git branch output.
  • Boundary markers: None explicitly defined in the instructions to separate repository data from instructions.
  • Capability inventory: Capability to merge branches, delete worktrees, and execute local binaries.
  • Sanitization: No explicit sanitization or validation of the ingested git metadata is mentioned.
Audit Metadata
Risk Level
SAFE
Analyzed
May 18, 2026, 07:44 AM
Security Audit — agent-trust-hub — wt-land