Skills
skills/vinitu/macos-pages-skill/macos-pages/Gen Agent Trust Hub

macos-pages

Pass

Audited by Gen Agent Trust Hub on Mar 22, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONCREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill relies on osascript to interface with the macOS Pages application. This allows for automated document manipulation, which is the primary purpose of the skill, but executes commands in the local user context.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads raw text from documents without sanitization.
  • Ingestion points: The script scripts/document/get-text.applescript and the command in SKILL.md read the entire body text of a document into the agent's context.
  • Boundary markers: No delimiters or instructions to ignore embedded commands are present when reading document content.
  • Capability inventory: The skill has capabilities to write files (export-pdf.applescript, save.applescript), modify document content (add-text.applescript), and manage document passwords.
  • Sanitization: There is no evidence of content validation or escaping before document text is processed by the agent.
  • [CREDENTIALS_UNSAFE]: The scripts set-password.applescript and remove-password.applescript accept passwords as command-line arguments. This is an insecure practice as arguments may be visible in process listings or system logs.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 22, 2026, 04:27 PM