wachi
Fail
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (HIGH): The skill promotes installation via
curl -fsSL ... | shfrom an untrusted GitHub repository (ysm-dev/wachi). This pattern allows for arbitrary code execution on the user's system during setup. - [EXTERNAL_DOWNLOADS] (HIGH): The
wachi upgradecommand and the 24-hour auto-update mechanism download and replace the tool's binary from GitHub Releases, which is an unverified source. - [CREDENTIALS_UNSAFE] (HIGH): The skill handles and stores highly sensitive information, including LLM API keys and notification service tokens (e.g., Slack
xoxb-tokens, Discord webhooks), in a local configuration file (~/.config/wachi/config.yml) with potential for exposure. - [COMMAND_EXECUTION] (MEDIUM): The skill and its specifications indicate the tool automatically installs dependencies at runtime, such as
agent-browserand the Python package manageruv, which involves executing system-level commands without explicit user confirmation. - [PROMPT_INJECTION] (LOW): The tool is vulnerable to Indirect Prompt Injection.
- Ingestion points: Scrapes raw HTML and accessibility trees from any user-provided URL during the
wachi subandwachi checkprocesses. - Boundary markers: Absent. No delimiters or instructions are specified to prevent the LLM from following commands embedded in the monitored web content.
- Capability inventory: The tool can execute shell scripts, modify its own binary, and send data to over 90 external notification services.
- Sanitization: The specification does not describe any sanitization or filtering of web content before it is processed by the LLM for CSS selector identification or article summarization.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/ysm-dev/wachi/main/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata