ghostty-terminal-automation
Fail
Audited by Snyk on Jul 2, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 0.90). This skill grants programmatic, full-control over local terminals (arbitrary command execution via terminal.send/new_terminal, ability to read terminal output/cells, list working directories, and take screenshots), which can be easily abused to perform remote code execution, capture sensitive data (credentials, tokens, env vars, typed input) and enable stealthy exfiltration or backdoor behavior if used maliciously.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). The required runtime workflow uses
terminal(..., action="read")/wait_textto ingest the terminal’s on-screen output (which can include outsider-authored free text from programs, logs, or remote content the user runs), into the agent’s LLM context.
Issues (2)
E006
CRITICALMalicious code pattern detected in skill scripts.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata