mdfind-search
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on executing various macOS system commands including mdfind, mdimport, mdutil, grep, head, and xargs to interact with the Spotlight index and process search results.
- [PROMPT_INJECTION]: This skill presents an indirect prompt injection surface by processing content from the local filesystem that could contain malicious instructions.
- Ingestion points: File paths and document contents (metadata and text) indexed by macOS Spotlight and retrieved via the mdfind tool.
- Boundary markers: Absent; the skill does not define specific delimiters or instructions for the agent to ignore potentially malicious content found within searched files.
- Capability inventory: Shell command execution via mdfind and other CLI utilities, potentially combined with file-reading tools.
- Sanitization: Absent; no mechanism is provided to sanitize or validate the content of files before they are processed by the agent.
- [DATA_EXFILTRATION]: The search functionality allows for machine-wide searches (by omitting the -onlyin flag), which could inadvertently expose sensitive user data such as private keys (
/.ssh), credentials (/.aws), or environment secrets (.env) to the agent context.
Audit Metadata