Skills
skills/hkuds/cli-anything/cli-anything-iterm2/Gen Agent Trust Hub

cli-anything-iterm2

Pass

Audited by Gen Agent Trust Hub on Apr 18, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches and executes shell integration scripts from the official iTerm2 domain. * Evidence: curl -L https://iterm2.com/shell_integration/install_shell_integration.sh | bash in references/session-shell-integration.md.
  • [COMMAND_EXECUTION]: Provides functionality to send text and raw bytes to terminal sessions, allowing the execution of arbitrary shell commands. * Evidence: session send and session inject commands in references/session-io.md.
  • [DATA_EXFILTRATION]: Allows the agent to read the terminal screen and scrollback history, which may contain sensitive information. * Evidence: session screen and session scrollback in references/session-io.md.
  • [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it reads untrusted data from terminal output. * Ingestion points: Reads terminal history and screen content in references/session-io.md. * Boundary markers: Absent. No delimiters are provided to distinguish terminal data from instructions. * Capability inventory: High (allows shell command execution and terminal session control). * Sanitization: Absent. No filtering of output is performed before ingestion.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 18, 2026, 12:02 PM
Security Audit — agent-trust-hub — cli-anything-iterm2