macos-perf
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill is designed to execute powerful native macOS utilities such as `top`, `instruments`, `powermetrics`, and `ioreg`. These are invoked through Python's `subprocess.run` or shell scripts, which is the primary intended function of the skill.
- [COMMAND_EXECUTION]: Documentation suggests the use of `sudo` to resolve permission issues when running certain tools like `powermetrics`, which could lead to unintended privilege escalation if mismanaged.
- [PROMPT_INJECTION]: The skill represents an indirect prompt injection surface. It ingests data from system command outputs (like process lists from `top` or system registry info from `ioreg`) and parses them using regex. If an attacker can influence these inputs (e.g., by naming a malicious process with injection strings), and the agent processes this output without sanitization, it could influence the agent's behavior.
  - Ingestion points: Outputs from `top`, `vm_stat`, `ioreg`, and `instruments` (referenced in SKILL.md).
  - Boundary markers: None implemented; outputs are piped directly to `grep` or parsed via regex.
  - Capability inventory: Uses `subprocess.run` to execute arbitrary system binaries and `instruments` to launch application paths.
  - Sanitization: No evidence of escaping or validation of the tool outputs or the application paths provided to `instruments`.
Audit Metadata