Skills
skills/hoetaek/wt/wt-start/Gen Agent Trust Hub

wt-start

Pass

Audited by Gen Agent Trust Hub on May 22, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructions include various shell commands using the wt CLI and git to manage development workflows. Examples include wt run task, wt doctor, and git worktree list. These commands are standard for the tool's stated purpose and operate on the local filesystem and repository state.
  • [INDIRECT_PROMPT_INJECTION]: The skill provides instructions for the agent to read and process task definitions (TaskDocument) and execution records (TaskRun) stored as TOML files in the repository. While this presents an ingestion surface for potentially untrusted data from the repository, it is essential for the tool's task-management functionality.
  • Ingestion points: Files in <git-common-dir>/wt/tasks, <git-common-dir>/wt/task-runs, and <git-common-dir>/wt/workflows (referenced in SKILL.md).
  • Boundary markers: None explicitly defined in the skill instructions to separate data from instructions.
  • Capability inventory: Subprocess execution of wt, git, and find (referenced in SKILL.md).
  • Sanitization: No specific content validation or escaping of TOML data is mentioned.
Audit Metadata
Risk Level
SAFE
Analyzed
May 22, 2026, 04:25 AM
Security Audit — agent-trust-hub — wt-start