interactive-shell

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill's primary function is to execute arbitrary shell commands provided by the agent via node-pty. This enables the agent to interact with TUIs and long-running processes.
      • Evidence: pty-session.ts spawns a shell to execute the command parameter.
  • [EXTERNAL_DOWNLOADS]: The installation script downloads and installs standard Node.js dependencies required for terminal emulation and PTY management.
      • Evidence: scripts/install.js executes npm install within the extension directory to fetch dependencies like node-pty and @xterm/headless.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it captures and processes output from the terminal which is then presented back to the agent. Malicious instructions in the output of a command or sub-agent could influence the main agent's behavior.
      • Ingestion points: pty-session.ts captures raw terminal data through onData listeners.
      • Boundary markers: Output returned to the agent is delimited by descriptive headers (e.g., 'Session output transferred', 'Overlay tail', 'Session completed successfully').
      • Capability inventory: The skill can execute shell commands (interactive_shell) and manage background processes.
      • Sanitization: Terminal output is sanitized using stripVTControlCharacters to remove ANSI escape sequences and control characters before being sent to the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 27, 2026, 04:34 AM
Security Audit — agent-trust-hub — interactive-shell