homebrew-cask-authoring
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute shell commands including 'brew', 'git', 'ln', and 'rm' to facilitate the Homebrew Cask development and contribution process, such as symlinking local repository checkouts to Homebrew tap directories.\n- [PROMPT_INJECTION]: The skill creates an indirect prompt injection surface as it generates executable Ruby code (Homebrew Casks) based on untrusted user-provided strings like app names and download URLs. \n
- Ingestion points: User-supplied metadata for the application, version, and download source in 'SKILL.md' (Quick intake section). \n
- Boundary markers: Absent; user input is directly interpolated into Ruby code blocks without specific escaping or delimiters to prevent injection. \n
- Capability inventory: The generated Ruby file is executed on the system via 'brew install', 'brew audit', and 'brew style' commands. \n
- Sanitization: Absent; the skill does not describe any validation or sanitization procedures for the user-provided data before it is inserted into the template.
Audit Metadata