cli-demo-generator
Warn
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The Python scripts
scripts/auto_generate_demo.pyandscripts/batch_generate.pyfacilitate arbitrary command execution. They take user-provided strings and incorporate them into.tapefiles which are then executed by thevhsbinary viasubprocess.run. This allows any command passed to the skill to run in a real shell environment. - [EXTERNAL_DOWNLOADS]: The skill requires and provides instructions for installing external software dependencies, specifically
vhsandasciinema. While these are well-known tools, the skill's reliance on external binaries from GitHub and third-party package managers (brew, apt, go) is a necessary component of its functionality. - [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection by processing external data and executing commands based on that data.
- Ingestion points:
scripts/batch_generate.pyreads demo definitions from YAML and JSON configuration files, whilescripts/auto_generate_demo.pytakes command strings as input arguments. - Boundary markers: Absent. Commands provided in the input data are directly interpolated into the executable
.tapefiles without sanitization or instructions to ignore embedded malicious content. - Capability inventory: The skill has the capability to execute any shell command on the host system via the
vhsrecording tool. - Sanitization: No input validation, escaping, or filtering is performed on the commands before they are executed in the recording session.
Audit Metadata