macos-brew
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill documentation includes the standard installation command for Homebrew, which fetches a setup script from the official Homebrew GitHub repository. This is a well-known and trusted source for the tool's intended purpose.
- [COMMAND_EXECUTION]: The skill facilitate the execution of various brew subcommands to manage system packages and services. These operations, including the suggested use of sudo for permission fixes and shell profile modifications for PATH configuration, are essential for the skill's documented functionality and are performed through standard shell execution patterns.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted data from external sources such as Brewfiles and user-provided formula names. Ingestion points: Data enters the context through the Brewfile content and command-line arguments. Boundary markers: There are no explicit delimiters or warnings provided to prevent the agent from executing instructions embedded in these inputs. Capability inventory: The skill possesses the capability to execute subprocesses and shell commands via the brew CLI. Sanitization: No evidence of input sanitization or validation was found in the provided documentation.
Audit Metadata