asciinema-analyzer
Warn
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: MEDIUM
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill uses `uv run --with` to dynamically download and execute Python packages such as `yake` and `scikit-learn` from external registries at runtime.
- [COMMAND_EXECUTION]: Multiple Bash heredoc blocks are used to execute shell commands, including `rg`, `fd`, `awk`, and `bc`, for file discovery and data processing.
- [PROMPT_INJECTION]: The skill is vulnerable to script injection in Phase 5, where the `$INPUT_FILE` variable is interpolated directly into a Python script inside single quotes. A malicious file path containing a single quote followed by Python commands could lead to arbitrary code execution.
- [PROMPT_INJECTION]: There is a surface for indirect prompt injection (Category 8). Evidence:
  1. Ingestion point: Reads terminal recording files (.txt) in Phase 5 and Phase 6.
  2. Boundary markers: None are present to distinguish recorded text from agent instructions.
  3. Capability inventory: Uses Bash and Python execution.
  4. Sanitization: No sanitization or validation of the recording content is performed before analysis.
- [DATA_EXFILTRATION]: The skill accesses and reads terminal recording files from the user's filesystem. While required for the skill's purpose, this represents a data exposure surface for local information.
Audit Metadata