apple-photos
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the 'osascript' command to execute AppleScript for automating the Apple Photos application. This includes searching for media, listing albums, and exporting files to a local directory (e.g., '/Users/me/Desktop/export/').
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8). Evidence chain: 1. Ingestion points: User-provided strings for search queries and album names are interpolated into script templates in 'SKILL.md'. 2. Boundary markers: No delimiters or boundary markers are used to separate user data from the AppleScript logic. 3. Capability inventory: The skill has 'COMMAND_EXECUTION' capabilities via 'osascript', allowing it to read and write data within the Photos library and filesystem. 4. Sanitization: No sanitization or escaping is applied to user-provided input before it is inserted into the command strings. An attacker could provide a crafted query to escape the string literals in the AppleScript and execute unauthorized commands.
Audit Metadata