wts-expert
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Categories: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill facilitates the use of a setupScript defined in .wts-config.json. This script is executed automatically after worktree creation, allowing for arbitrary command execution. This represents a high risk if the project configuration is controlled by an attacker (e.g., in a cloned repository).
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill explicitly instructs users to install the @desplega.ai/wts package globally using npm. This package is not from a trusted source organization defined in the security policy.
- [REMOTE_CODE_EXECUTION] (HIGH): The automated execution of scripts defined in repository metadata (.wts-config.json) constitutes a remote code execution vector when the agent processes untrusted project files.
- [DATA_EXPOSURE] (LOW): The skill checks for project registration by reading ~/.wts.json. While necessary for the tool's function, accessing configuration files in the home directory is a potential exposure vector.
- [PROMPT_INJECTION] (LOW): The skill is susceptible to indirect prompt injection through configuration files and GitHub PR metadata.
  - Ingestion points: ~/.wts.json, .wts-config.json, and GitHub PR fields.
  - Boundary markers: None. Data is read and processed without explicit delimiters or warnings to ignore embedded instructions.
  - Capability inventory: File system access, network operations via the gh CLI, and arbitrary command execution via setupScript.
  - Sanitization: No sanitization or validation of input from external files is described.
Recommendations
- AI detected serious security threats
Audit Metadata