macos-setup
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The skill references a third-party Homebrew tap
danielfoehrkn/switch. While Homebrew taps are a standard extension mechanism, this specific repository is outside the predefined trusted organizations list and should be manually verified. - [COMMAND_EXECUTION] (LOW): The skill contains extensive shell commands for environment configuration and software installation. These commands include package installations and command substitution (e.g., finding the latest Go version via
goenv). Users should review the specific packages to ensure they align with their security posture. - [EXTERNAL_DOWNLOADS] (INFO): The skill utilizes official package managers (npm, uv, brew) to fetch standard development dependencies and applications from public registries.
- [INDIRECT_PROMPT_INJECTION] (LOW): The 'Custom Preset' section defines a YAML schema allowing users to specify lists of CLI tools and apps. If an agent processes user-provided presets using this schema and executes the resulting list without strict validation or allowlisting, it could lead to the installation of unauthorized or malicious software (Category 8 surface).
Audit Metadata