winget
Warn
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Windows Package Manager (winget) to execute high-privilege operations including installing, upgrading, and uninstalling software on the host system. Commands like `winget install` and `winget uninstall` can significantly alter the security posture and stability of the operating system.
- [EXTERNAL_DOWNLOADS]: The skill facilitates the download and execution of external software packages from the winget and Microsoft Store repositories. Although these are official distribution channels, they host third-party content that could be malicious if the package identifier is spoofed or manipulated.
- [PROMPT_INJECTION]: The skill defines a mechanism for 'Interactions with other Skills' where it may automatically attempt to install software requested by a separate, potentially untrusted skill. This creates a surface for indirect prompt injection.
  - Ingestion points: Requests originating from other skills as described in the '与其他 Skill 联动' (Interactions with other Skills) section.
  - Boundary markers: The instructions mandate 'HITL (Human-in-the-loop) confirmation' before any installation or uninstallation, which acts as a manual boundary marker.
  - Capability inventory: The skill possesses full access to `winget` installation, uninstallation, and upgrade commands.
  - Sanitization: There is no programmatic sanitization or validation of the application IDs against a known safe whitelist; it relies entirely on the user's manual review.