vhs
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses 'nix run nixpkgs#vhs' to execute commands defined in a '.tape' file within a terminal environment.
- [EXTERNAL_DOWNLOADS]: Fetches and runs the 'vhs' tool directly from the Nixpkgs repository.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface where malicious instructions in recorded data could be executed as shell commands.
- Ingestion points: Commands and text content within the '.tape' file.
- Boundary markers: Absent.
- Capability inventory: Full shell access via the 'vhs' interpreter.
- Sanitization: Absent.
Audit Metadata