vcr-ascii-pipeline
Warn
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The skill triggers the execution of a custom shell script (scripts/ascii_link_overlay.sh) and an external CLI tool (vcr). Execution of scripts with parameters derived from user input (e.g., URLs and file paths) is a potential vector for command injection if inputs are not sanitized.
- PROMPT_INJECTION (LOW): The skill processes external ASCII data and remote URLs, providing a surface for indirect prompt injection.
  - Ingestion points: <input>.vcrtxt and <ascii_co_uk_url> in SKILL.md.
  - Boundary markers: None present.
  - Capability inventory: Shell command execution (vcr) and script execution (ascii_link_overlay.sh).
  - Sanitization: No evidence of input validation or escaping is provided in the documentation.
Audit Metadata