Skills
skills/ggprompts/tabzchrome/tabz-terminals/Gen Agent Trust Hub

tabz-terminals

Warn

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTIONREMOTE_CODE_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The scripts/setup-worktree.sh script automatically executes npm install, yarn install, or pnpm install on newly created worktrees. These package managers can execute arbitrary code during installation via lifecycle hooks (such as postinstall) defined in a project's package.json file.
  • [COMMAND_EXECUTION]: The scripts/setup-worktree.sh script automatically runs npm run build, which executes arbitrary commands defined in the project's build configuration.
  • [COMMAND_EXECUTION]: The skill provides functionality to spawn terminals and execute arbitrary shell commands via a local REST API endpoint (http://localhost:8129/api/spawn).
  • [CREDENTIALS_UNSAFE]: The skill reads an authentication token from the local file /tmp/tabz-auth-token to authenticate with the TabzChrome API. Exposure or misuse of this token could allow unauthorized control over terminal sessions.
  • [PROMPT_INJECTION]: The skill orchestrates parallel workers using natural language prompt templates. This architecture creates a surface for indirect prompt injection, where malicious instructions embedded in untrusted repository content could influence the behavior of the workers.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 29, 2026, 02:16 AM