macos-automation
Warn
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on utilities like `osascript`, `JXA`, and `Shortcuts` to execute arbitrary scripts on the host system. It explicitly suggests using `sudo` for elevated script execution and mentions using the `tccutil` CLI to manipulate system Privacy and Security (TCC) settings, which can lead to unauthorized permission changes.
- [PROMPT_INJECTION]: The skill exhibits a vulnerability to indirect prompt injection.
  1. Ingestion points: Data is ingested via the `shortcuts run` command using the `-i` flag for JSON input.
  2. Boundary markers: No protective boundary markers or instructions to ignore embedded commands are implemented.
  3. Capability inventory: The skill has high-impact capabilities including `osascript` execution and `sudo` access.
  4. Sanitization: No input validation or sanitization is described before data is passed to system commands.
- [EXTERNAL_DOWNLOADS]: The skill suggests installing the `osa` package from the NPM registry to enable AppleScript integration within Node.js environments.
Audit Metadata