terminal-emulator
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the @microsoft/tui-test package from npm. This dependency is maintained by Microsoft, a recognized trusted organization, and is required for the skill's stated purpose.
- [COMMAND_EXECUTION]: The skill executes shell commands via npx and node to run interactive tests. This is the intended primary functionality and does not exhibit malicious patterns.
- [PROMPT_INJECTION]: The skill processes data from terminal output through the terminal.content property, creating a surface for indirect prompt injection from applications being tested. Evidence Chain: 1. Ingestion points: terminal.content in SKILL.md. 2. Boundary markers: Absent. 3. Capability inventory: Bash tool for command execution (npx, node) in SKILL.md. 4. Sanitization: None.
Audit Metadata