sag
Pass
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill configuration specifies the installation of a third-party binary via the Homebrew tap 'steipete/tap/sag'.
- [COMMAND_EXECUTION]: The skill performs text-to-speech by executing the 'sag' binary with user-supplied strings. This creates an indirect prompt injection surface where malicious input could potentially lead to command manipulation.
  - Ingestion points: User-provided text is passed as an argument to the 'sag' command in the chat voice response examples in SKILL.md.
  - Boundary markers: The skill documentation uses double quotes for arguments but lacks explicit instructions to the agent to escape or ignore instructions embedded within the user data.
  - Capability inventory: The skill relies on the ability to execute the 'sag' subprocess and write audio files to the /tmp directory.
  - Sanitization: No input sanitization or validation logic is defined within the skill's instructions to protect the command-line execution from shell metacharacters.