wta-green-impl

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it reads and interprets data from external files to guide its actions. Maliciously crafted instructions within these files could potentially override the agent's intended behavior.
  • Ingestion points: The agent reads from the contract/ directory (specifically intent.md, task.md, and interface.md) and the product/ source code directory.
  • Boundary markers: The skill references generated AGENTS.md and CLAUDE.md files for context but lacks explicit delimiters or instructions to ignore embedded commands within the processed data.
  • Capability inventory: The skill can modify the file system, execute arbitrary shell commands via build tools, and perform network operations through the wta submit command.
  • Sanitization: No sanitization or validation of the ingested content is performed before use.
  • [COMMAND_EXECUTION]: The skill uses various shell commands to perform its core functions, including project-specific CLI tools, standard build systems, and version control.
  • Evidence: Execution of wta take, wta pull, wta submit, cargo build --locked, cargo test --locked, and git commit.
  • Context: While these are legitimate tools for a coding role, cargo test and cargo build can execute arbitrary code defined within the repository's build configuration or test suites.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 18, 2026, 04:17 PM
Security Audit — agent-trust-hub — wta-green-impl