monitor-config
Warn
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- COMMAND_EXECUTION (LOW): The skill's core function is to execute shell commands via the
displayplacerCLI to manage hardware settings. This is associated with the primary intended use case.\n- EXTERNAL_DOWNLOADS (LOW): The skill suggests installingdisplayplacervia Homebrew. While Homebrew is a common package manager, the utility itself is a third-party dependency not from a pre-defined trusted organization.\n- Persistence (MEDIUM): The skill creates shell scripts in~/.config/display-profilesand recommends adding shell aliases to the user's environment. These are environment persistence and modification techniques that require review before use.\n- Indirect Prompt Injection (LOW): \n - Ingestion points: Data is ingested from the output of the
displayplacer listcommand and from user-provided strings for resolution and coordinates.\n - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the script or workflow.\n
- Capability inventory: The skill can execute shell commands, create directories, and write new executable shell scripts.\n
- Sanitization: No sanitization or validation is performed on external data or user input before interpolation into shell commands.
Audit Metadata