wren-sql
Pass
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: SAFE
Flags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Periodically checks for updates by retrieving a version manifest from the project's official repository on raw.githubusercontent.com.
- [REMOTE_CODE_EXECUTION]: Provides instructions to update the skill using a shell script downloaded from the official GitHub repository and piped to bash. This is a standard practice for developer tool maintenance.
- [COMMAND_EXECUTION]: Includes shell commands for manual maintenance and updating of the SQL generation environment.
- [PROMPT_INJECTION]: The version check mechanism is a potential surface for indirect prompt injection, since the fetched manifest is untrusted remote content.
  - Ingestion points: Silently fetches JSON data from a remote URL (SKILL.md).
  - Boundary markers: Absent; remote data is processed directly for version string comparison.
  - Capability inventory: Recommends shell command execution (SKILL.md) and handles complex SQL logic across multiple files (SKILL.md, references/bigquery.md, references/correction.md, references/datetime.md, references/types.md).
  - Sanitization: None; the remote metadata is used directly without validation beyond string comparison.