macos-admin

Fail

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill requires elevated privileges via sudo, granting the agent full administrative control over the host macOS system.
  • [COMMAND_EXECUTION]: It provides instructions for modifying or disabling critical security features, including System Integrity Protection (SIP) via csrutil and Gatekeeper policies via spctl.
  • [COMMAND_EXECUTION]: The skill enables comprehensive user and group management through the dscl utility, which could be leveraged for unauthorized account creation or privilege modification.
  • [CREDENTIALS_UNSAFE]: The documentation suggests passing administrative passwords via environment variables and command-line flags (e.g., in fdesetup), which risks exposing secrets in process lists, system logs, or shell history.
  • [COMMAND_EXECUTION]: It encourages the use of os.system, os.popen, and AppleScript via osascript for executing commands, which increases the attack surface and the potential for command injection.
  • [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection. Ingestion point: reads system logs via log show, which can contain untrusted data. Boundary markers: none mentioned. Capability inventory: high-privilege tools including sudo, dscl, and fdesetup. Sanitization: no sanitization or validation of log content is specified before processing.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 7, 2026, 05:44 PM