osascript
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill is designed to run arbitrary `osascript` commands. In macOS, AppleScript is a powerful automation tool that can access private application data (like Notes, Safari history, or Mail), modify files, and execute shell commands via the `do shell script` function, effectively granting full user-level access to the system.
- [PROMPT_INJECTION] (HIGH): The skill lacks any input validation, sanitization, or boundary markers. It explicitly instructs the agent to "Run any osascript command the user needs," which is a direct vector for Indirect Prompt Injection. A malicious document or message processed by an agent using this skill could command the Mac to exfiltrate data or install malware.
- [DATA_EXPOSURE] (MEDIUM): Through the Finder and application-specific AppleScript dictionaries, this skill can be used to locate and read sensitive files, environment variables, or configuration secrets stored on the machine.
Recommendations
- AI detected serious security threats