mac-control

Warn

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: MEDIUM
DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill includes tools to read the system clipboard (get_clipboard) and take screenshots (take_screenshot). These capabilities pose a high privacy risk as the clipboard often contains sensitive information such as passwords, tokens, or private messages, and screenshots can capture confidential visible data.
  • [COMMAND_EXECUTION]: The skill performs system-level operations using AppleScript and local commands to manage applications and system settings. Although the documentation claims to use a keyword blacklist (e.g., blocking 'sudo', 'rm') and input sanitization, such filters are often bypassable through various encoding or command construction techniques.
  • [PROMPT_INJECTION]: The skill possesses a significant indirect prompt injection surface. It ingests untrusted data from the user's environment through the clipboard and file system searches. If the clipboard or searched files contain malicious instructions, the agent could be manipulated into performing unintended actions using the skill's powerful system control tools.
  • [DATA_EXFILTRATION]: The spotlight_search tool allows for recursive file discovery across the user's storage. This provides a mechanism for an attacker to locate sensitive documents or configuration files which could then be read or exfiltrated using other agent capabilities.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 6, 2026, 02:18 PM