sag
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill relies on an external binary,
sag, which is hosted in a third-party Homebrew tap (steipete/tap/sag) rather than an official or verified organization repository. - [COMMAND_EXECUTION]: To generate audio, the skill executes shell commands (e.g.,
sag -v Clawd -o /tmp/voice-reply.mp3 "...") that interpolate strings directly into the command line. - [PROMPT_INJECTION]: The design of the skill creates a surface for indirect prompt injection, as untrusted user input is passed into a shell environment.
- Ingestion points: User-provided text meant for voice synthesis as described in
SKILL.md. - Boundary markers: None are specified to separate user data from the command structure.
- Capability inventory: Shell execution of the
sagutility with the ability to write files to the/tmpdirectory. - Sanitization: There are no instructions or mechanisms provided to sanitize or escape shell metacharacters in the user input.
Audit Metadata