whoo-cli
Warn
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill instructs the user to install an external package globally using
bun add -g whoo. This package is not hosted by a trusted organization (e.g., Google, Microsoft, Anthropic), representing an unverifiable dependency that could lead to remote code execution if the package is malicious or compromised. - [COMMAND_EXECUTION] (LOW): The skill relies on executing various shell commands (
whoo overview,whoo user, etc.) to perform its primary function. While intended, this provides the agent with a surface for local system interaction. - [DATA_EXFILTRATION] (LOW): The skill retrieves highly sensitive personal health data, including resting heart rate, SpO2, and sleep performance. Although no unauthorized exfiltration was detected in the static instructions, the ingestion of this data into the LLM context carries inherent privacy risks if the agent is subsequently prompted to share information externally.
- [CREDENTIALS_UNSAFE] (LOW): The authentication flow requires the user to provide a
client_idandclient_secret. While the skill uses placeholders and non-interactive flags for these secrets, it requires the agent to handle sensitive credentials that grant access to the user's health account. - [INDIRECT_PROMPT_INJECTION] (LOW): The skill possesses a data ingestion surface that could be exploited via indirect prompt injection.
- Ingestion points:
whoo [command] --json(SKILL.md). - Boundary markers: Absent; the skill does not use delimiters to wrap the CLI output or provide instructions to ignore embedded commands within the JSON data.
- Capability inventory: Execution of local CLI commands (SKILL.md).
- Sanitization: Absent; no evidence of filtering or validation of the API response before processing.
Audit Metadata