sag
Fail
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill executes the
sagbinary via shell commands using unvalidated user input (e.g.,sag "Your message here"). This pattern allows an attacker to perform shell injection by including metacharacters like semicolons, backticks, or pipes in the input string, potentially leading to unauthorized system access. - [EXTERNAL_DOWNLOADS]: The skill requires installing a tool from a third-party Homebrew tap (
steipete/tap/sag). As this source is not part of the established list of trusted organizations or well-known services, it constitutes an unverifiable dependency risk.
Recommendations
- AI detected serious security threats
Audit Metadata