macpilot-automation
Warn
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill includes functionality to execute arbitrary shell commands via
macpilot shell run. This allows the agent to perform any action a user could in the Terminal, including file system modifications or system changes. - [DATA_EXFILTRATION]: The skill provides tools to read sensitive system information, specifically the clipboard content using
macpilot clipboard get, and network details such as local IP addresses and Wi-Fi names. - [PROMPT_INJECTION]: The skill possesses a broad surface for indirect prompt injection as it processes untrusted data from the system environment.
- Ingestion points: Text read from the clipboard, UI labels and values retrieved via
ui find-text, and the output of executed shell commands. - Boundary markers: None. The skill instructions do not include delimiters or warnings to treat system-retrieved data as untrusted.
- Capability inventory: Includes keyboard/mouse emulation, application management, arbitrary command execution, and notification control.
- Sanitization: There are no instructions for the agent to sanitize or validate data retrieved from the clipboard or UI before processing it or using it to drive subsequent actions.
Audit Metadata