Skills
skills/moulik-budhiraja/osx-query/osxquery/Gen Agent Trust Hub

osxquery

Pass

Audited by Gen Agent Trust Hub on Mar 13, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill directs the agent to interact with the host system using the osx CLI and the screencapture utility for UI automation and state verification as described in SKILL.md and the usage references.
  • [DATA_EXFILTRATION]: Functional risk of sensitive data exposure through UI scraping and desktop screenshots. The osx query and read commands allow the agent to extract text and attributes from any active application window, and the screencapture policy in SKILL.md can capture personal or confidential information visible on screen.
  • [PROMPT_INJECTION]: Vulnerable to indirect prompt injection due to the processing of untrusted host data. 1. Ingestion points: Results from osx query and attribute reading found in references/osxquery-query-usage.md. 2. Boundary markers: Absent; no specific delimiters or instructions exist to separate UI content from system instructions. 3. Capability inventory: High impact capabilities including typing, clicks, and application lifecycle management via osx action. 4. Sanitization: Absent; no filtering or escaping of UI-ingested text is prescribed.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 13, 2026, 06:02 PM