aiter-control
Warn
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides the `aiter terminal write` command which allows an agent to send arbitrary strings to an active terminal. Because the skill automatically appends a carriage return, these strings are immediately executed as shell commands, granting the agent full command execution capabilities.
- [DATA_EXFILTRATION]: The `aiter terminal read` command allows the agent to retrieve the entire text buffer of any terminal. This creates a risk of exposing sensitive information, such as passwords, API keys, or environment variables that may be visible in the terminal history.
- [EXTERNAL_DOWNLOADS]: The skill depends on the external `aiter` CLI tool and the AiTer desktop application being pre-installed on the system. It also references the use of `jq` for parsing JSON output.
- [PROMPT_INJECTION]: The skill has a significant surface for indirect prompt injection as it reads and acts upon the output of external processes.
  - Ingestion points: Terminal output via `aiter terminal read` in `SKILL.md`.
  - Boundary markers: Absent. The agent reads raw terminal lines with no delimiters between command output and potentially malicious data.
  - Capability inventory: Full terminal control (`aiter terminal write`), project management, and file server orchestration.
  - Sanitization: ANSI escape codes are stripped, but no semantic sanitization or instruction filtering is applied to the terminal output.