ears
Warn
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The script `audiosnap/audiosnap-wrapper.sh` contains a hardcoded absolute file path (`/Users/han1/clawd/audiosnap/.build/release/audiosnap`). This reveals the author's local username and will likely cause execution failures on other systems.
- [COMMAND_EXECUTION]: The `audiosnap/audiosnap-wrapper.sh` tool utilizes AppleScript via `osascript` to execute commands inside the `Terminal.app` process. This is a deliberate technique to bypass macOS Transparency, Consent, and Control (TCC) permissions for Screen Recording by inheriting the permissions granted to the Terminal application.
- [EXTERNAL_DOWNLOADS]: The `audiosnap/podsnap.py` script executes the `yt-dlp` utility with the `--remote-components "ejs:github"` flag. This configuration allows the tool to download and execute remote components or plugins from GitHub at runtime, which is an unverified external code loading mechanism.
- [PROMPT_INJECTION]: The skill contains a vulnerability surface for indirect prompt injection via the `podsnap.py` transcription tool.
  - Ingestion points: Processes untrusted audio and video content from external URLs (YouTube, Bilibili, Xiaoyuzhou).
  - Boundary markers: None; transcribed text is returned as raw output to the agent.
  - Capability inventory: The skill possesses extensive capabilities, including system audio control, file system modification, and network access across multiple platforms.
  - Sanitization: No filtering or sanitization is performed on the transcribed content to prevent the agent from executing instructions found within the processed media.
Audit Metadata