macos-finder
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on
osascriptto execute AppleScript commands for interacting with the macOS Finder. This allows for extensive file system management, including listing contents, creating, moving, copying, renaming, and deleting files and folders. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes data from the file system that may be controlled by an external source. A malicious file name or comment could contain instructions designed to influence the agent's behavior.
- Ingestion points: Directory listings in
scripts/item/list.applescript, file/folder properties inscripts/item/info.applescript, Spotlight comments inscripts/item/comment.applescript, and currently selected items inscripts/application/selection.applescript. - Boundary markers: None identified; there are no explicit instructions for the agent to treat these inputs as data rather than instructions.
- Capability inventory: The skill can create, move, copy, rename, and delete files, open files with arbitrary applications, and empty the trash. All operations are performed via
osascriptsubprocess calls. - Sanitization: No sanitization or validation of the ingested metadata (like file names or comments) is performed before it is used by the agent.
Audit Metadata