cli-demo-generator

Warn

Audited by Gen Agent Trust Hub on Feb 23, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION)
Full Analysis
  • COMMAND_EXECUTION (MEDIUM): The skill is designed to execute and record arbitrary shell commands provided by the user via the vhs tool. This is implemented in scripts/auto_generate_demo.py and scripts/batch_generate.py. While this is the primary purpose of the skill, it creates a surface where a malicious user could trick the agent into executing harmful commands (e.g., file deletion, credential access) that would be run in the local environment during the recording process.
  • DATA_EXFILTRATION (MEDIUM): Because the terminal session is recorded to visual formats (GIF/MP4), any sensitive information accessed during the recorded commands—such as environment variables, SSH keys, or configuration files—will be captured in the output file and potentially exposed to unauthorized parties.
  • INDIRECT_PROMPT_INJECTION (LOW): The skill processes untrusted command strings from user prompts and external configuration files (batch-config.yaml) and interpolates them directly into .tape files.
    • Ingestion points: Commands are ingested via the -c argument in auto_generate_demo.py and via YAML/JSON keys in batch_generate.py.
    • Boundary markers: No sanitization or boundary markers are used to distinguish between intended demo commands and potentially malicious injected instructions.
    • Capability inventory: The skill uses subprocess.run to call vhs, which has full capability to execute arbitrary shell commands in the terminal.
    • Sanitization: There is no escaping or validation of the commands before they are written to the .tape file and executed.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 23, 2026, 05:28 AM