skill-launcher
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill executes a local binary in the background using 'nohup'. This creates a persistent process that runs independently of the agent session, which could be used to hide malicious activity.
- [DYNAMIC_EXECUTION] (MEDIUM): The instructions require a manual build step ('swift build') to compile code on the host system. Executing or compiling unverified local source code is a security risk.
- [PRIVILEGE_ESCALATION] (LOW): The skill documentation explicitly notes that 'Accessibility' permissions are required. While common for launcher applications, this permission allows for monitoring keystrokes and controlling other applications.
Audit Metadata