tuistory
Pass
Audited by Gen Agent Trust Hub on Apr 21, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches and installs the tuistory package from the NPM or Bun registry to provide TUI automation capabilities.
- [COMMAND_EXECUTION]: Executes shell commands to launch terminal applications within automated sessions via the tuistory launch command.
- [PROMPT_INJECTION]: The skill ingests untrusted data from terminal output through snapshots and wait patterns, which could contain indirect prompt instructions from automated applications.
- Ingestion points: Terminal snapshots and wait command outputs in SKILL.md.
- Boundary markers: None present to distinguish application output from instructions.
- Capability inventory: Process execution (launch), text input (type), and key simulation (press).
- Sanitization: No explicit sanitization of terminal content before agent processing.
Audit Metadata