wt-variants
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local binary located at
./target/debug/wtto perform configuration, workflow creation, and execution tasks. - [COMMAND_EXECUTION]: Uses common shell utilities including
git,find, andsedto inspect the repository state and read project documentation. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection by processing external data from the local repository.
- Ingestion points: Reads data from
docs/consistency.md,wt/ideas/,wt/tasks/, andwt/workflows/to determine experiment shapes and task goals. - Boundary markers: No explicit boundary markers or 'ignore' instructions are provided when reading these files.
- Capability inventory: The skill can write files to the filesystem (
wt/tasks/,wt/profiles/) and execute thewtbinary with parameters derived from its analysis. - Sanitization: There is no evidence of sanitization for the content ingested from the project files before it is used to construct new prompts or commands.
Audit Metadata