apple-numbers
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection.
  - Ingestion points: scripts/read-numbers.js reads data from external .numbers files.
  - Boundary markers: Absent; cell data is returned as raw JSON values.
  - Capability inventory: scripts/write-numbers.js and scripts/create-numbers.js provide file writing and creation.
  - Sanitization: Absent; content from spreadsheets is passed directly to the agent context.
- [COMMAND_EXECUTION]: The skill uses osascript to execute JXA scripts for Numbers automation. While shell arguments in scripts/read-numbers.sh are quoted to prevent command injection, the skill relies on the ability to execute system-level scripts to perform its functions.