asciinema-streaming-backup
Warn
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill accesses sensitive local files to identify and configure GitHub accounts. Evidence includes references/account-detection.md which greps ~/.ssh/config and lists ~/.ssh/id_ed25519_* files to extract account names. references/setup-scripts.md also references private key paths in the ~/.ssh/ directory to configure the GIT_SSH_COMMAND environment variable.
- [COMMAND_EXECUTION]: The skill dynamically creates and executes local shell scripts with user-defined parameters. Evidence includes references/setup-scripts.md which generates the idle-chunker.sh script using a heredoc and assigns executable permissions. references/autonomous-validation.md contains a comprehensive test script executed via the Bash tool.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it processes .cast recording files which contain raw terminal output and metadata. Ingestion occurs in idle-chunker.md during the monitoring of active recordings. Boundary markers and sanitization are absent, while the skill retains capabilities for file modification and network access via the git and gh CLI tools.
Audit Metadata