Skills
skills/aikarjal/wilmai/wilma/Gen Agent Trust Hub

wilma

Pass

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Executes the wilma and wilmai binaries via the shell wrapper script located at scripts/wilma-cli.sh to retrieve student data.
  • [EXTERNAL_DOWNLOADS]: Installs the @wilm-ai/wilma-cli package from the npm registry and references external documentation on github.com/aikarjal/wilmai and the wilm.ai domain.
  • [EXTERNAL_DOWNLOADS]: Includes a wilma update command that enables the CLI tool to fetch and apply updates from remote sources.
  • [CREDENTIALS_UNSAFE]: Accesses the sensitive configuration file ~/.config/wilmai/config.json (or $XDG_CONFIG_HOME/wilmai/config.json) which stores Wilma session credentials and TOTP secrets for student accounts.
  • [PROMPT_INJECTION]: Processes untrusted data from the Wilma school system which creates a risk for indirect prompt injection.
  • Ingestion points: External content is ingested through commands like wilma news list, wilma news read, wilma messages list, and wilma messages read.
  • Boundary markers: The skill instructions do not utilize boundary markers or explicit safety warnings to delineate ingested content.
  • Capability inventory: The agent can execute shell commands using the wilma binary to interact with the environment.
  • Sanitization: There is no evidence of sanitization or filtering of the text content fetched from messages or news before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
May 9, 2026, 08:51 AM