wilma
Warn
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: MEDIUM
CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill accesses a local configuration file at `~/.config/wilmai/config.json`. This file stores Wilma session credentials, and while necessary for functionality, it represents a risk of sensitive data exposure.
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of `@wilm-ai/wilma-cli` via npm. This package is managed by the vendor ('wilm-ai' / 'aikarjal') and is considered a trusted vendor resource for this context.
- [COMMAND_EXECUTION]: The wrapper script `scripts/wilma-cli.sh` executes the `wilma` binary with user-supplied arguments. It also contains a fallback execution path that runs a local Node.js script via `node`.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it processes untrusted content from the school system.
  - Ingestion points: Data enters the system via `wilma news list/read` and `wilma messages list/read` commands.
  - Boundary markers: No explicit delimiters or instructions are used to prevent the agent from obeying instructions embedded within the school data.
  - Capability inventory: The agent can execute various CLI operations and shell commands through the `wilma-cli.sh` script.
  - Sanitization: There is no evidence of filtering or sanitization of the retrieved text content.
Audit Metadata