Skills
skills/hkuds/cli-anything/cli-anything-iterm2-ctl/Gen Agent Trust Hub

cli-anything-iterm2-ctl

Pass

Audited by Gen Agent Trust Hub on Apr 18, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides tools to send arbitrary text and commands to iTerm2 terminal sessions using the session send command, effectively allowing the agent to execute any shell command.
  • [DATA_EXFILTRATION]: The skill can read live terminal output, scrollback history, and session metadata via session scrollback and app snapshot. This may expose sensitive information displayed in the terminal (such as environment variables or file contents) to the agent.
  • [EXTERNAL_DOWNLOADS]: The prerequisites specify installing the cli-anything-iterm2 Python package via pip and the iTerm2 application via Homebrew.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads untrusted data directly from the terminal output, which could contain malicious instructions designed to influence the agent's behavior.
  • Ingestion points: SKILL.md (via the session scrollback and app snapshot commands which ingest terminal content).
  • Boundary markers: None identified; terminal output is read and processed without explicit delimiters or warnings to ignore embedded instructions.
  • Capability inventory: The skill allows for arbitrary command execution (session send) and modification of iTerm2 preferences (pref write).
  • Sanitization: No sanitization, filtering, or validation of terminal output is mentioned.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 18, 2026, 12:02 PM