creating-karabiner-modifications
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill uses imperative instructions and behavioral override markers like 'STOP and Use This Skill' and 'ALWAYS ask' within 'Red Flags' and 'Common Rationalizations' sections to prioritize its workflow over the agent's default processing logic.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by processing natural language user requirements into structured system configuration data. 1. Ingestion points: Natural language user requests for keyboard remapping and customizations. 2. Boundary markers: No explicit delimiters or instructions to disregard malicious content within the user's request are provided. 3. Capability inventory: The skill can write configuration data to
~/.config/karabiner/karabiner.jsonand query application bundle identifiers usingosascript. 4. Sanitization: No evidence of input validation or escaping of user-provided mapping logic is present. - [COMMAND_EXECUTION]: The skill suggests using the
osascriptcommand to retrieve macOS application bundle identifiers, which is a routine operation for defining app-specific keyboard modifications.
Audit Metadata