automating-pages
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill is susceptible to indirect prompt injection when processing Apple Pages documents from untrusted sources.
  - Ingestion points: Documents are opened using 'Pages.open()' as shown in 'references/pages-basics.md' and 'references/pages-template-strategy.md'.
  - Boundary markers: No delimiters or isolation measures are used to separate document content from agent instructions.
  - Capability inventory: High-privilege operations include file system modification ('doc.save'), document export, and arbitrary code execution via 'runScript' in 'references/pages-advanced.md'.
  - Sanitization: There is no evidence of sanitization or filtering of document text before it is processed or used in operations.
- [EXTERNAL_DOWNLOADS] (MEDIUM): Recommends the installation of the 'pyxa' Python package (pip install pyxa) in 'references/pages-pyxa.md', which is an external dependency from a non-whitelisted source.
- [COMMAND_EXECUTION] (MEDIUM): Uses 'System Events' for UI automation (keystroke simulation) and an AppleScript bridge ('runScript') to execute raw code strings. These methods can bypass standard API security constraints and provide deep system access.
Recommendations
- AI detected serious security threats