unix-macos-engineer
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill provides detailed patterns for executing powerful system commands including `osascript` (AppleScript), `defaults` (system preferences), and `launchctl` (service management). While these facilitate deep system modification, they are provided as instructional templates for the user.
- [EXTERNAL_DOWNLOADS] (LOW): Reference materials include usage of `curl` and Homebrew (`brew install`) for fetching remote data and installing third-party packages. No instances of 'curl | bash' or other dangerous remote execution patterns were found.
- [CREDENTIALS_UNSAFE] (LOW): The `references/macos-commands.md` file documents the `security` utility for interacting with the macOS Keychain. This includes commands to 'read password' and 'add to keychain'. While instructional, an agent acting on these commands could access sensitive credentials if directed by a user or an indirect injection.
- [Indirect Prompt Injection] (LOW): The skill has a significant attack surface as it is designed to interact with system data that could be attacker-controlled.
  - Ingestion points: Reads data via `pbpaste` (clipboard), `mdfind` (Spotlight search/file contents), and `cat` (file reads).
  - Boundary markers: None present in the provided shell script templates.
  - Capability inventory: Includes `sudo` for privilege escalation, `launchd` for persistence, and `osascript` for arbitrary execution.
  - Sanitization: Shell templates follow defensive practices (e.g., `set -u`, variable quoting) but do not include specific sanitization for LLM prompt injection targets.
Audit Metadata