unix-macos-engineer

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
  • [Persistence Mechanisms] (MEDIUM): The file references/launchd-patterns.md provides complete templates for creating LaunchAgents and LaunchDaemons. These allow scripts to execute automatically at login or boot, providing a standard mechanism for persistence on macOS. While intended for administration, these patterns are commonly used in malware for maintaining access.
  • [Privilege Escalation] (MEDIUM): Multiple files (e.g., references/macos-commands.md) provide instructions for using sudo to perform high-privilege tasks, such as rebuilding Spotlight indexes, flushing DNS caches, and scheduling system shutdowns. It also mentions csrutil disable for bypassing System Integrity Protection (SIP).
  • [Data Exposure] (LOW): The security command reference in references/macos-commands.md documents how to retrieve passwords from the macOS Keychain (security find-generic-password). While useful for automation, this represents a significant data exposure risk if the agent is instructed to exfiltrate these secrets.
  • [Command Execution] (LOW): The skill heavily emphasizes shell scripting and provides patterns for osascript (AppleScript), which can be used to control other applications and bypass certain UI-based security prompts.
  • [External Downloads] (LOW): References to Homebrew (brew install) and curl are present. These allow the agent to download and install third-party software and communicate with external servers.
  • [Indirect Prompt Injection] (LOW):
      • Ingestion points: The skill facilitates reading command outputs (pbpaste, cat, while read) which could contain untrusted data.
      • Boundary markers: Templates lack explicit markers or warnings to ignore embedded instructions in processed data.
      • Capability inventory: Full access to shell execution, file system writes, and network operations via curl.
      • Sanitization: Recommends defensive shell practices (set -euo pipefail), but does not include specific sanitization logic for external input.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 06:04 PM