vhs
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: A detailed audit of the 53 files, including all 47 rules in the references directory, shows no evidence of malicious behavior, data exfiltration, or safety bypasses.
- [EXTERNAL_DOWNLOADS]: The skill references official repositories and GitHub Actions from Charmbracelet (e.g., github.com/charmbracelet/vhs). These are well-known, reputable sources for the technology being documented.
- [COMMAND_EXECUTION]: Includes standard instructions for installing the VHS tool using system package managers (Homebrew, Go, apt). These are standard setup procedures and do not involve untrusted script execution.
- [PROMPT_INJECTION]: No malicious injection patterns or attempts to override agent instructions were found. The use of impact labels like 'CRITICAL' and 'HIGH' correctly describes the technical importance of specific VHS configuration rules.
- [CREDENTIALS_UNSAFE]: The skill explicitly teaches security best practices, such as using the 'Hide' command to prevent sensitive environment variables (like API keys) from appearing in terminal recordings.
Audit Metadata