wt-setup
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The generator script (
scripts/generate.py) and its templates perform file system operations such as directory creation, file writing, and permission modifications (chmod +x). The generated bootstrap scripts are designed to execute standard build tools and package managers (e.g.,make,npm,yarn,pnpm,uv,cargo). One template (setup-multi.sh) includes a mechanism to source a local override script (.wt/setup.local) from the base repository. - [EXTERNAL_DOWNLOADS]: The generated bootstrap scripts trigger standard package managers to download project dependencies from official public registries (e.g., NPM, PyPI, Crates.io). The skill also neutrally references the
wttool's official GitHub repository (github.com/tumf/wt). - [PROMPT_INJECTION]: The skill processes local repository files like
package.json,Makefile, andCargo.tomlto automatically detect project types. While this is an ingestion surface for untrusted data (indirect prompt injection), the detection logic is limited to checking for file existence and simple substring matching, which represents a low risk profile. - Ingestion points:
scripts/generate.pyreads manifest files from the current directory. - Boundary markers: None present.
- Capability inventory: File system writes, executable permission assignment, and execution of arbitrary build commands via generated scripts.
- Sanitization: None present; the detection relies on static file indicators.
Audit Metadata