seatbelt-sandboxer
Pass
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: SAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill is authored by a known security vendor (trailofbits) and is designed to improve the security posture of macOS applications through sandboxing.
- [COMMAND_EXECUTION]: The skill provides instructions for using the Bash tool to run the native macOS sandbox-exec command. This is used for the legitimate purpose of testing and enforcing the generated sandbox profiles.
- [EXTERNAL_DOWNLOADS]: The documentation contains a link to an external GitHub repository (github.com/rstackjs/rstack-examples) as a suggested source for test data. This is a static reference and does not trigger any automated or hidden network activity.
- [PROMPT_INJECTION]: The skill represents an attack surface for indirect prompt injection because it transforms user-provided requirements into executable sandbox configurations.
  - Ingestion points: User input describing application resource needs is processed to populate Seatbelt profiles.
  - Boundary markers: No explicit delimiters or 'ignore' instructions are provided for user-sourced content.
  - Capability inventory: The skill uses the Bash and Write tools to generate and execute configuration files.
  - Sanitization: The methodology includes an iterative testing phase in 'Step 6' to verify that security restrictions are properly enforced, providing a manual check against malicious configurations.
Audit Metadata