The Agent Skills Directory

Privilege Escalation (HIGH): The command mo touchid is explicitly designed to configure Touch ID for sudo access, which involves modifying sensitive system configuration files. Additionally, mo optimize performs actions like removing swap files and resetting network services, which typically require elevated privileges.
Indirect Prompt Injection (HIGH): This skill exhibits a high-risk indirect injection surface.
Ingestion points: mo installer and mo clean scan user-controlled directories including ~/Downloads, Mail attachments, and iCloud. These filenames and paths are processed by the agent.
Boundary markers: Absent. There are no delimiters or instructions to ignore content within processed file paths.
Capability inventory: The skill allows for recursive file deletion (mo clean, mo purge), system service restarts, and sudo configuration modification.
Sanitization: Absent. No evidence of path validation or filename escaping before processing.
Data Exposure & Exfiltration (HIGH): The mo installer command specifically targets sensitive areas like Mail attachments and iCloud. An agent could be manipulated via malicious filenames in these directories to expose file lists or delete critical data.
Remote Code Execution & External Downloads (MEDIUM): The skill includes an mo update command which downloads and executes updates from an external repository. While Homebrew is a common source, the mo update command within the binary bypasses standard package manager controls.
Command Execution (HIGH): The skill provides broad authority to delete files (mo clean, mo purge) and modify system states (mo optimize) based on the agent's interpretation of system data.

mole-mac-cleanup