record
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to perform a preflight check to verify if the 'asciinema' utility is installed on the system.
- [PROMPT_INJECTION]: The skill constructs terminal commands using unvalidated user input for recording titles and file paths, which presents a surface for indirect prompt injection.
  * Ingestion points: User-provided 'file' and 'title' arguments defined in the SKILL.md frontmatter.
  * Boundary markers: Absent; the skill does not define specific delimiters or instructions to ignore nested commands within the interpolated strings.
  * Capability inventory: The skill has access to the 'Bash' tool, which allows for system-level interaction.
  * Sanitization: The workflow does not include explicit steps for sanitizing or escaping user inputs before they are incorporated into the generated command string.
Audit Metadata