vhs-recording

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFE
Categories: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user or agent to install the vhs CLI and its dependencies (ttyd, ffmpeg) using standard package managers and official GitHub repositories. It specifically references github.com/charmbracelet/vhs, which is maintained by a well-known organization in the developer tools space.
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to run the vhs utility. This utility interprets .tape files and executes the terminal commands defined within them (e.g., via Type and Enter actions) to generate an animated GIF. The skill also utilizes system commands like which, grep, and ls for environment checks.
  • [PROMPT_INJECTION]: The skill processes .tape files which contain instructions for terminal interactions, creating a surface for indirect prompt injection.
      • Ingestion points: Tape files ingested via the vhs command as described in SKILL.md and modules/execution.md, and recursively via the Source directive in modules/tape-syntax.md.
      • Boundary markers: No delimiters or warnings are used to prevent the execution of malicious instructions embedded in the tape files.
      • Capability inventory: The skill has the capability to execute arbitrary shell commands within the recording environment via the vhs tool using the agent's Bash tool.
      • Sanitization: The skill mentions vhs validate in modules/execution.md, but this only verifies syntax and does not filter or sanitize the actual commands being typed into the terminal.
  • [DATA_EXFILTRATION]: modules/execution.md documents the use of the --publish flag, which uploads recordings to the public vhs.charm.sh service. This could lead to the exposure of sensitive data if the terminal recording captures credentials, private paths, or internal configurations.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 27, 2026, 06:51 PM