Skills
skills/google-gemini/gemini-cli/agent-tui/Gen Agent Trust Hub

agent-tui

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFEREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • Remote Script Execution: The skill provides a command to download and execute a shell script from a remote GitHub repository (curl -fsSL ... | sh). This pattern executes code directly from an external source without a manual review step.
  • Indirect Prompt Injection Surface: The skill interacts with terminal output using screenshot and wait. If a TUI application displays untrusted data, that content enters the agent's context and could potentially affect its decision-making.
  • Ingestion points: Terminal content captured via agent-tui screenshot and agent-tui wait as described in SKILL.md.
  • Capability inventory: The skill can execute commands (run), provide keyboard input (type, press), and manage sessions (kill).
  • Boundary markers: No specific markers are used to differentiate terminal data from the agent's instructions.
  • Sanitization: The instructions do not specify any validation or filtering of the captured terminal text.
  • Background Service Management: The skill includes a workaround for macOS that uses tmux to run background daemons. This involves managing persistent sessions and temporary files to maintain the tool's connectivity.
Audit Metadata
Risk Level
SAFE
Analyzed
May 19, 2026, 07:24 AM
Security Audit — agent-trust-hub — agent-tui