Skills
skills/jamditis/claude-skills-journalism/electron-dev/Gen Agent Trust Hub

electron-dev

Pass

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill documents the use of node-pty to spawn system shells like PowerShell or Bash, which allows arbitrary command execution as part of its terminal integration features.
  • [EXTERNAL_DOWNLOADS]: WebRTC signaling is configured to use peerjs-server.com, a well-known public service for the PeerJS library.
  • [PROMPT_INJECTION]: The integration of a PTY terminal introduces a surface for indirect prompt injection.
  • Ingestion points: Data enters via ptyProcess.onData in SKILL.md.
  • Boundary markers: None are defined to isolate terminal output.
  • Capability inventory: The skill facilitates command input via ptyProcess.write.
  • Sanitization: No validation or sanitization of terminal output is provided in the documentation.
Audit Metadata
Risk Level
SAFE
Analyzed
May 11, 2026, 01:25 AM
Security Audit — agent-trust-hub — electron-dev