macos-security

Fail

Audited by Gen Agent Trust Hub on Mar 7, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill explicitly instructs the agent to use 'sudo' and 'sudo -u root' for command execution, which provides a path to full administrative control of the system.
  • [COMMAND_EXECUTION]: Instructions describe how to bypass Gatekeeper security by removing the 'com.apple.quarantine' attribute from files using the 'xattr' utility.
  • [COMMAND_EXECUTION]: The skill facilitates the modification of Transparency, Consent, and Control (TCC) permissions using 'tccutil', allowing for the programmatic granting of access to sensitive data and hardware like the camera.
  • [CREDENTIALS_UNSAFE]: Example usage places an API key ($SECURITY_API_KEY) in the headers of network requests, which can lead to accidental exposure of credentials.
  • [EXTERNAL_DOWNLOADS]: The skill suggests using 'softwareupdate' and 'curl' to interact with remote endpoints for updates and scanning, which involves downloading and potentially executing external content.
  • [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection through its processing of external file paths and application identifiers. Ingestion points: File paths and application names passed to system tools like xattr and codesign. Boundary markers: None identified. Capability inventory: Execution of high-privilege commands including sudo, tccutil, and xattr. Sanitization: No input validation or escaping logic is defined for the command arguments.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 7, 2026, 05:44 PM