wwdc
Pass
Audited by Gen Agent Trust Hub on Jun 12, 2026
Risk Level: SAFE EXTERNAL_DOWNLOADS COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes content from an external source (`wwdc.ai`).
  - Ingestion points: Data is fetched from `wwdc.ai` (markdown, JSON) and `apple.com` (JSON) via `curl` in `scripts/wwdc.sh` and `references/docs.md`.
  - Boundary markers: No delimiters or instructions are used to separate external content from agent instructions.
  - Capability inventory: The skill has access to shell execution (`scripts/wwdc.sh`), network requests (`curl`), and Node.js for parsing.
  - Sanitization: No filtering or validation is performed on the content retrieved from external URLs.
- [EXTERNAL_DOWNLOADS]: The skill retrieves session summaries and transcripts from external domains.
  - Evidence: Fetches from `wwdc.ai` and `devimages-cdn.apple.com`.
  - Context: These sources are associated with the vendor and a well-known service, respectively.
- [COMMAND_EXECUTION]: Uses a bundled shell script to automate data retrieval and parsing.
  - Evidence: `scripts/wwdc.sh` executes `curl`, `node`, and `awk` commands.
  - Context: The script uses safe practices such as quoting variables and using `node -e` for parsing instead of `eval`.
Audit Metadata