macos-pages
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on
osascriptto send AppleScript commands to Pages.app. This is the standard and documented method for macOS application automation.\n- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection as it processes untrusted data from document bodies.\n - Ingestion points: Body text is retrieved from the front document in
scripts/document/get-text.applescript.\n - Boundary markers: Absent; text is returned without delimiters or safety warnings.\n
- Capability inventory: The skill can write files (
save.applescript,export-pdf.applescript), read files (open.applescript), and change document passwords (set-password.applescript).\n - Sanitization: No sanitization is performed on document text before it is provided to the agent.\n- [DATA_EXFILTRATION]: The skill can read document content (
get-text.applescript) and properties (get-properties.applescript), including the file path. While this is necessary for its functionality, it provides the agent with access to potentially sensitive information stored within the user's documents.
Audit Metadata