sag
Warn
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill's metadata specifies the installation of a binary from a third-party Homebrew repository (
steipete/tap/sag). This introduces a dependency on external code maintained by a third-party individual rather than a known major organization. - [COMMAND_EXECUTION]: The skill provides instructions for the agent to execute shell commands (e.g.,
sag -v Clawd -o /tmp/voice-reply.mp3 "Your message here") to generate audio responses. Because the command template interpolates user-provided text within double quotes, it is vulnerable to shell command injection. If an attacker provides input containing shell metacharacters such as backticks (`) or subshell syntax ($()), they could execute arbitrary commands on the host system. The skill lacks instructions for the agent to sanitize or escape these inputs before execution.
Audit Metadata