applescript
Warn
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the osascript utility to execute arbitrary AppleScript and JXA code, which includes the capability to run shell commands on the host system via the do shell script instruction.
- [DATA_EXFILTRATION]: The skill provides patterns for accessing sensitive user and system information, such as active Safari tab URLs, Wi-Fi network names, and local file paths through Finder interactions.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to the ingestion of external data without proper sanitization. 1. Ingestion points: Safari tab URLs and Finder file paths. 2. Boundary markers: No delimiters or protective instructions are used for processed external content. 3. Capability inventory: High-privilege execution of AppleScript and shell commands. 4. Sanitization: No sanitization or validation of the ingested strings is performed before processing.
Audit Metadata