capture
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the vendor-owned tctl utility (located at ${DROID_PLUGIN_ROOT}/bin/tctl) to launch sessions, capture terminal output, and manage snapshots. This tool is central to the skill's purpose and is documented neutrally.\n- [PROMPT_INJECTION]: The skill processes interaction scripts to define automation sequences, representing a potential surface for indirect prompt injection.\n
- Ingestion points: Interaction scripts are accepted as inputs via command invocation (SKILL.md).\n
- Boundary markers: The instructional documentation does not specify the use of delimiters or ignore-behavior instructions for these scripts.\n
- Capability inventory: The skill has access to terminal control via tctl and web interaction via agent-browser (SKILL.md).\n
- Sanitization: There is no mention of sanitization or validation of the provided interaction scripts.
Audit Metadata