Skills
skills/aradotso/trending-skills/syswatch-terminal-diagnostics/Gen Agent Trust Hub

syswatch-terminal-diagnostics

Warn

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to clone source code from a third-party GitHub repository (github.com/matthart1983/syswatch.git) which is not associated with a known trusted vendor.
  • [REMOTE_CODE_EXECUTION]: The installation process requires the agent to compile the downloaded source using cargo build and execute the generated binary (./target/release/syswatch). This represents a download-and-execute pattern for untrusted code.
  • [COMMAND_EXECUTION]: The documentation specifies that certain diagnostic features on macOS (such as fan speeds and per-component power) require execution with elevated privileges via sudo powermetrics.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted system data that could influence agent behavior if the agent parses the tool's output.
  • Ingestion points: Process names, service statuses, and filesystem labels are read from the host system (SKILL.md).
  • Boundary markers: Absent; there are no delimiters or instructions to ignore embedded content in the system data.
  • Capability inventory: Compilation (cargo), network access (git clone), and binary execution.
  • Sanitization: Absent; the skill does not describe any validation or escaping of system-derived strings before they are processed.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 4, 2026, 12:55 AM