terminal
Pass
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: SAFE
Category: COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes arbitrary shell commands provided by the agent using subprocess.run(shell=True) in scripts/run_command.py. This is the core functionality but presents an inherent risk if malicious commands are generated.
  - Evidence: The script scripts/run_command.py accepts a --command string and passes it directly to the system shell.
  - Mitigation: The skill implements a risk_level check in scripts/lib/safety.py that identifies patterns like rm, sudo, curl | bash, and chmod, requiring an explicit --yes flag for execution.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from the terminal's stdout and stderr, which is later processed by the agent.
  - Ingestion points: scripts/run_command.py captures all command output, and scripts/show_history.py reads this output back into the context.
  - Boundary markers: Absent; command output is stored and displayed without delimiters or instructions to the agent to treat the content as untrusted data.
  - Capability inventory: The skill can execute any shell command, perform file system operations, and read local files.
  - Sanitization: While the skill redacts sensitive credentials (API keys, tokens) using regex in scripts/lib/safety.py, it does not sanitize or filter natural language instructions that may be embedded in the captured output.
Audit Metadata