wanman-agent-matrix
Fail
Audited by Gen Agent Trust Hub on Apr 26, 2026
Risk Level: HIGH (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill directs users to clone a repository from an unverified GitHub account ('chekusu/wanman') that is not recognized as a trusted organization or vendor.
- [REMOTE_CODE_EXECUTION]: Installation requires running 'pnpm install' and 'pnpm build' on the cloned code, which executes arbitrary scripts from the external repository on the host machine.
- [COMMAND_EXECUTION]: The skill provides commands like 'wanman takeover' that perform broad file system and git operations on local projects.
- [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection (Category 8).
  - Ingestion points: Repository content is ingested via the 'takeover' command.
  - Boundary markers: No delimiters or protective instructions are documented for the agents.
  - Capability inventory: The system can spawn multiple agent processes with file-write and network capabilities.
  - Sanitization: There is no evidence of content validation or sanitization before agent processing.
Recommendations
- AI detected serious security threats