sag
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill metadata includes an installation command that fetches the 'sag' utility from a third-party Homebrew tap ('steipete/tap/sag').
- [COMMAND_EXECUTION]: The skill uses shell commands to invoke the 'sag' binary, passing user-provided strings as arguments to generate speech audio.
- [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection due to the direct interpolation of untrusted user input into shell commands.
- Ingestion points: User-provided text content intended for conversion to speech in SKILL.md.
- Boundary markers: The command template uses double quotes to wrap the input string.
- Capability inventory: The skill has the ability to execute the 'sag' subprocess and write audio files to the system's temporary directory.
- Sanitization: No explicit shell escaping or input validation is specified in the skill's instructions to prevent command injection.
Audit Metadata