vhs
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- COMMAND_EXECUTION (MEDIUM): The skill is designed to execute arbitrary shell commands via
.tapefiles (usingTypeandEntercommands). While this is the primary purpose of the tool, it allows the agent to execute any command in the local environment, including those that might be malicious if the agent is compromised or misled. - DATA_EXFILTRATION (MEDIUM): The
vhs publishcommand uploads recordings tovhs.charm.sh, a public hosting service. This represents a significant exfiltration vector if the terminal session contains sensitive information like API keys, credentials, or private file contents. - EXTERNAL_DOWNLOADS (LOW): The skill references and encourages the installation of external tools from
github.com/charmbracelet/vhsandgithub.com/marcfargas/holdpty. Neither 'charmbracelet' nor 'marcfargas' are included in the provided list of Trusted GitHub Organizations. - INDIRECT_PROMPT_INJECTION (LOW): The skill creates a surface where untrusted data could be used to generate
.tapefiles, leading to the execution of unintended commands. - Ingestion points: Data used to populate
.tapefiles (e.g., tool output, user input). - Boundary markers: Absent; there are no instructions to sanitize or delimit untrusted content within the tape syntax.
- Capability inventory: Shell command execution, network upload (publish), and background process manipulation via
holdpty. - Sanitization: None; the skill does not provide methods for escaping or validating the content typed into the terminal.
Audit Metadata