skills/mitscherlich/skills/iterm2/Gen Agent Trust Hub

iterm2

Warn

Audited by Gen Agent Trust Hub on Jun 21, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides instructions and examples for using async_send_text and async_inject to run arbitrary commands in the terminal, granting the agent shell access to the underlying system.
  • [DATA_EXFILTRATION]: The skill enables keystroke logging via iterm2.KeystrokeMonitor, allowing the agent to capture everything the user types in the terminal, including potentially sensitive passwords or credentials.
  • [DATA_EXFILTRATION]: The agent can read all information displayed in terminal windows and historical scrollback buffers through async_get_screen_contents and async_get_contents APIs.
  • [EXTERNAL_DOWNLOADS]: The skill directs the user to install the iterm2 Python package, a third-party dependency necessary for script execution.
  • [PROMPT_INJECTION]: The skill creates an indirect prompt injection surface by combining terminal output reading with command execution capabilities. Ingestion points: Screen content reading (documented in SKILL.md). Boundary markers: Not present. Capability inventory: Subprocess execution and terminal command injection. Sanitization: Not present.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 21, 2026, 04:03 PM
Security Audit — agent-trust-hub — iterm2