AGENT LAB: SKILLS

cli-demo-generator

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • COMMAND_EXECUTION (LOW): The skill generates .tape files containing user-specified shell commands and executes them using the vhs utility. While this is the intended functionality for a demo generator, it constitutes a capability for arbitrary command execution.
  • Indirect Prompt Injection (LOW): The batch_generate.py script parses external YAML or JSON configuration files for command lists. If an agent processes an untrusted configuration file, it could be coerced into executing malicious commands.
      • Ingestion points: scripts/batch_generate.py (YAML/JSON parsing).
      • Boundary markers: Absent.
      • Capability inventory: Shell command execution via vhs (invoked in scripts/auto_generate_demo.py).
      • Sanitization: Absent; command strings are directly interpolated into the generated script files.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 05:12 PM