sag
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the
sagbinary to perform text-to-speech operations and generate audio files. - Evidence: Instructs the agent to execute shell commands such as
sag -v Clawd -o /tmp/voice-reply.mp3 "Your message here"to produce voice responses. - [EXTERNAL_DOWNLOADS]: The skill requires an external utility that is downloaded from a third-party repository.
- Evidence: The installation metadata specifies the
steipete/tap/sagformula to be installed via the Homebrew package manager. - [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection by interpolating user-provided text into a command-line argument.
- Ingestion points: User-specified messages for the text-to-speech conversion located in
SKILL.md. - Boundary markers: The instructions employ double quotes as delimiters for the message string.
- Capability inventory: The skill performs subprocess execution of the
sagtool and writes output files to the/tmp/directory. - Sanitization: The skill does not provide explicit escaping or validation logic for the input strings, relying instead on the agent's command execution safety protocols.
Audit Metadata