kakaotalk-mac
Warn
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the installation of
kakaoclifrom an unverified third-party Homebrew tap (silver-flight-group/tap/kakaocli). This introduces a supply chain risk as the binary or scripts are hosted outside of official vendor or well-known repositories. - [COMMAND_EXECUTION]: The skill performs multiple shell operations including software installation via
brewandmas, and system interaction using thekakaoclitool. These commands run with the permissions granted to the terminal environment. - [DATA_EXFILTRATION]: To function, the skill explicitly requires the user to grant Full Disk Access and Accessibility permissions to the terminal. These are high-privilege permissions that allow reading the KakaoTalk local database and programmatically interacting with the UI. While required for the stated purpose, they grant the agent and the third-party tool broad access to sensitive personal communication data.
- [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection because it ingests and processes untrusted data from KakaoTalk chat messages.
- Ingestion points: External messages retrieved via
kakaocli messagesandkakaocli search(SKILL.md). - Boundary markers: None identified; instructions do not specify using delimiters or ignore-instructions for the message content.
- Capability inventory: Shell command execution, local file system access (database read), and network-adjacent message sending (SKILL.md).
- Sanitization: No sanitization or validation of the message content is mentioned before the agent processes it.
Audit Metadata