crushable-wingman
Fail
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: CRITICAL
COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill's core logic relies on the agent executing shell commands and a Python script (scripts/wingman_store.py) to perform CRUD operations on local files. This script is not included in the provided file list, creating a dependency on unverified external code that could be modified or substituted on the host system.
- [PROMPT_INJECTION] (LOW): The skill processes untrusted user data via chat screenshots (references/ocr-extraction.md). While it employs boundary markers like markdown tables and a confirmation step, there is a risk of indirect prompt injection if the screenshots contain text designed to override agent instructions.
- [DATA_EXFILTRATION] (LOW): The skill handles highly sensitive personal information, including relationship details, sexual orientation, and communication patterns. While its primary purpose is local storage, the management of this data via shell commands increases the risk of accidental exposure or targeted exfiltration if the agent is compromised.
- [EXTERNAL_DOWNLOADS] (SAFE): No remote scripts or external packages are downloaded during initialization or execution.
- [CREDENTIALS_UNSAFE] (SAFE): No hardcoded secrets, API keys, or credentials were found in the analyzed files.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata