skills/deepgram/wsh/tui/Gen Agent Trust Hub

tui

Pass

Audited by Gen Agent Trust Hub on Jun 21, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides instructions for the agent to execute shell commands to bootstrap its environment, specifically starting a local server (wsh server -L agent-$$ --ephemeral &) and managing process lifecycle (kill %1) during TUI sessions.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it requires the agent to read and act upon potentially untrusted text displayed within terminal applications.
      • Ingestion points: Terminal screen grid data and status messages retrieved via wsh_get_screen or interpreted from the 2D layout (SKILL.md).
      • Boundary markers: None; the skill does not instruct the agent to use delimiters or ignore instructions that might be embedded in the terminal output.
      • Capability inventory: The agent can perform keyboard input injection (wsh_send_input), manage background processes (wsh server), and interact with local unix sockets via curl (SKILL.md).
      • Sanitization: There are no instructions for sanitizing or escaping the content read from the terminal screen before processing.
Audit Metadata
  Risk Level: SAFE
  Analyzed: Jun 21, 2026, 04:12 AM