Skills
skills/terrylica/cc-skills/terminal-print/Gen Agent Trust Hub

terminal-print

Pass

Audited by Gen Agent Trust Hub on Apr 4, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local system commands including pbpaste to read the clipboard, pandoc and xelatex for document conversion, and lpr for sending the generated PDF to a printer. These commands are necessary for the skill's primary function.
  • [DATA_EXFILTRATION]: The skill accesses the system clipboard or user-specified local files to obtain terminal output for printing. This data is processed entirely on the local machine to generate a PDF and is not transmitted to any external network domains.
  • [EXTERNAL_DOWNLOADS]: Documentation in the skill suggests that users install the pandoc and mactex software packages via Homebrew if they are not already available. These are well-known, legitimate document processing tools.
  • [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection as it processes untrusted data from the clipboard or external files and passes it through Pandoc and LaTeX engines.
  • Ingestion points: Data is ingested via pbpaste or the --file flag in the assets/print-terminal.sh script.
  • Boundary markers: Content is enclosed within a Markdown code block (text ... ) before processing.
  • Capability inventory: The skill utilizes pandoc with xelatex, lpr, and open (to preview the PDF).
  • Sanitization: The script uses sed to remove ANSI escape sequences, though it does not explicitly sanitize for potential LaTeX-specific injection commands.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 4, 2026, 09:51 AM