wribble
Pass
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructions direct the user to install the
wribblepackage from the NPM registry. This is the official CLI tool required for the skill to function. - [COMMAND_EXECUTION]: The skill uses shell commands through the
wribblebinary to perform authentication and blog management. This is an expected use of a CLI-based tool wrapper. - [DATA_EXFILTRATION]: The skill is designed to upload local file contents and terminal command output to the Wribble blog service. While this involves sending data to an external server, it is the primary and documented purpose of the publishing skill.
- [PROMPT_INJECTION]: The skill retrieves post content and channel data from an external API (Wribble). This data is ingested into the agent context without specific boundary markers or sanitization, creating a surface for indirect prompt injection where malicious instructions stored in a blog post could influence the agent.
- Ingestion points: Data retrieved from
wribble list,wribble get, and associated MCP tools. - Boundary markers: None identified; retrieved content is processed directly.
- Capability inventory: Shell execution capabilities via the
wribbletool. - Sanitization: None specified for external content processing.
Audit Metadata