worktrunk
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION)
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The skill provides templates for spawning background sessions using terminal multiplexers (`tmux`, `zellij`). These templates involve interpolating user-defined task descriptions into shell commands (e.g., `tmux new-session -d ... "wt switch ... -x claude -- '<task description>'"`), which can lead to command injection if the task description contains shell-sensitive characters.
- COMMAND_EXECUTION (LOW): The skill automates the generation and modification of project hooks in `.config/wt.toml`. While it includes safety instructions to warn users about destructive commands (like `sudo` or `rm -rf`), it directly facilitates the persistent execution of arbitrary shell scripts during git lifecycle events.
- INDIRECT_PROMPT_INJECTION (LOW): The skill reads untrusted external data from project files such as `package.json`, `Cargo.toml`, and `.config/wt.toml` (File: SKILL.md). These files lack boundary markers and are used to determine which hooks to suggest, creating a surface where a malicious project could influence the agent's proposed configurations.
- SAFE (Best Practice): The skill explicitly defines permission models requiring user consent before editing personal configurations and includes logic to detect and warn against dangerous shell patterns.
Audit Metadata