sag
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the `sag` utility from a third-party Homebrew tap (steipete/tap/sag) which is not on the trusted vendors list.
- [COMMAND_EXECUTION]: The skill relies on shell execution of the `sag` CLI binary to perform its primary text-to-speech functionality.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection and shell command injection because it suggests interpolating user-controlled text directly into a bash command string without sanitization.
  1. Ingestion points: User-provided text strings in the 'Chat voice responses' section of `SKILL.md`.
  2. Boundary markers: No delimiters or instructions to ignore embedded commands are provided for the interpolated text.
  3. Capability inventory: Execution of shell commands via the `sag` binary.
  4. Sanitization: The skill does not describe any sanitization, escaping, or validation of user-provided strings before they are executed in the shell.
Audit Metadata