worldbook
Warn
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS
Full Analysis
- [External Downloads] (MEDIUM): The skill promotes the installation of the 'worldbook' package via pip and npm, as well as cloning from 'https://github.com/femto/worldbook-cli'. The organization 'femto' is not a recognized trusted source, making the dependency unverifiable.
- [Indirect Prompt Injection] (LOW): The skill is designed to fetch instructions from an external knowledge base and inject them directly into the agent's context. This creates a vulnerability surface where an attacker could influence agent behavior via poisoned knowledge entries. Evidence:
  1. Ingestion Point: Output of 'worldbook get' command.
  2. Boundary Markers: Absent; instructions advise to 'inject it into your context'.
  3. Capability Inventory: Agent is expected to execute subsequent CLI commands based on injected text (e.g., 'gh issue create').
  4. Sanitization: None mentioned.
Audit Metadata