wf0-config
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill is designed to read and write to the local file system at the path
.wf/config.json. This behavior is the primary and intended purpose of the skill as a configuration management tool.\n- [DATA_EXPOSURE]: The skill handles information such as Jira project keys and domains. This data is collected and stored only in the local configuration file and is not transmitted to any external services. The skill does not request or store sensitive credentials like API tokens or passwords.\n- [PROMPT_INJECTION]: The skill reads existing configuration data from.wf/config.json, which represents an indirect prompt injection surface. While the ingestion of this data could theoretically influence agent behavior, the risk is considered negligible given the local and tool-specific nature of the file.\n - Ingestion points: The skill reads configuration values from
.wf/config.jsonwhen displaying settings or entering the editing flow.\n - Boundary markers: There are no explicit delimiters or 'ignore instructions' warnings used when the agent processes the file content.\n
- Capability inventory: The skill possesses the capability to write to the local file system at the specific path
.wf/config.json.\n - Sanitization: No validation or sanitization of user-provided configuration values is performed before they are saved to the file.
Audit Metadata