asciinema-streaming-backup
Warn
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill probes the user's private SSH configuration (
/.ssh/config) and lists SSH keys (/.ssh/id_ed25519_*) to detect and suggest GitHub accounts. - [COMMAND_EXECUTION]: Extensive bash scripting is used for preflight checks, environment setup, and the core monitoring loop that manages terminal recordings.
- [EXTERNAL_DOWNLOADS]: Automated setup scripts utilize system package managers like Homebrew and APT to install required utilities such as zstd, brotli, and asciinema.
- [DATA_EXFILTRATION]: Core functionality involves automatically committing and pushing terminal recordings to an external GitHub repository, which may include sensitive command history.
- [PROMPT_INJECTION]: The skill creates an indirect prompt injection surface by processing and storing untrusted terminal output in a remote repository without sanitization or boundary markers.
Audit Metadata