macos-photos

Pass

Audited by Gen Agent Trust Hub on Mar 22, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill relies on the macOS osascript command to execute AppleScript for automating Photos.app. The scripts use standard application-specific commands (e.g., make new album, export, import) and do not utilize dangerous shell-execution functions like do shell script within the AppleScript code.
  • [DATA_EXPOSURE]: The skill can read photo metadata (including location data and descriptions) and export files from the library to the local filesystem. This behavior is documented and aligns with the skill's primary purpose of photo management.
  • [PROMPT_INJECTION]: The skill ingests untrusted data from the Photos library (such as user-defined filenames, descriptions, and keywords) which could potentially contain indirect prompt injection payloads. However, the skill lacks high-risk capabilities like network exfiltration or arbitrary system command execution that would be required to exploit this surface maliciously.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 22, 2026, 04:27 PM