wework
Warn
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill provides installation instructions for
wework-cliusinggo installfromgithub.com/dvcrn/wework-cliand a custom Homebrew tap (dvcrn/formulas). These sources are not on the trusted organization list, representing the installation of unverifiable third-party software. - COMMAND_EXECUTION (LOW): The skill is designed to construct and execute shell commands via the
weworkbinary. While intended for its primary purpose, this capability grants the agent the power to run external code that has not been audited. - PROMPT_INJECTION (LOW): The skill contains an indirect prompt injection surface (Category 8) as it parses text-based CLI output to drive subsequent agent decisions.
- Ingestion points: CLI output from
wework desksandwework locationsis used to identify targets for booking. - Boundary markers: Absent; the skill does not define delimiters to separate potentially untrusted CLI output from internal logic.
- Capability inventory: The skill can execute state-changing actions (
wework book) and write to the local filesystem (wework calendar --calendar-path). - Sanitization: Absent; there is no instruction for the agent to sanitize or validate the content of the CLI output before using it to formulate new commands.
Audit Metadata