asciinema-recorder
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to verify software requirements and offers to run installation commands, including those requiring 'sudo' for system package managers.
- [EXTERNAL_DOWNLOADS]: It retrieves the 'asciinema' utility from trusted sources such as Homebrew, APT repositories, and PyPI.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by incorporating the local filesystem state into generated commands. Ingestion points: Workspace name from the '$PWD' environment variable. Boundary markers: None. Capability inventory: 'Bash' tool for directory management and 'AskUserQuestion' for configuration. Sanitization: Input variables are double-quoted in scripts to mitigate basic injection, but the final command relies on user review as a primary security control.
Audit Metadata