macbroom
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the
Bash(macbroom:*)tool to perform system cleanup and maintenance tasks, granting the agent the ability to execute specific subcommands on the host. - [EXTERNAL_DOWNLOADS]: The skill references the author's Homebrew tap (
lu-zhengda/tap/macbroom) for installing the required CLI utility, which is a verified vendor resource. - [PROMPT_INJECTION]: The skill instructs the agent to analyze output from the
macbroom scancommand, which introduces a potential surface for indirect prompt injection if the tool encounters maliciously named files during a system scan. - Ingestion points: Data returned by the
macbroom scancommand as specified in the SKILL.md instructions. - Boundary markers: The skill lacks explicit delimiters or instructions for the agent to treat tool output as untrusted data.
- Capability inventory: The agent is authorized to use
Bashto executemacbroomsubcommands for system modification. - Sanitization: There is no evidence of sanitization or filtering applied to the CLI tool's output before it is processed by the agent.
Audit Metadata