wendy-contributing

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
  • EXTERNAL_DOWNLOADS (LOW): The skill provides instructions to download a container registry asset from github.com/wendylabsinc. While the organization is not in the predefined trusted list, GitHub is a standard platform for hosting OS components, and the usage is consistent with the skill's purpose.
  • COMMAND_EXECUTION (LOW): Includes high-privilege commands like sudo dd and sudo bmaptool for flashing disk images to hardware. These are standard procedures for embedded Linux development and are appropriately documented for their context.
  • REMOTE_CODE_EXECUTION (LOW): Guidance is provided to download a tarball from GitHub and import it as a container image via ctr images import. This constitutes intended functionality for setting up a local development environment.
  • [Indirect Prompt Injection] (LOW): The skill describes processing device metadata (UUID and name) for mDNS discovery. There is a surface for indirect injection if these values are attacker-controlled, but the risk is low given the intended local network scope and typical OS deployment trust models.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:37 PM