macos-photos
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it retrieves and processes untrusted data from the Photos library.
- Ingestion points: Metadata retrieval commands in SKILL.md and the scripts/media/get.applescript script, which read photo descriptions and keywords.
- Boundary markers: None. The retrieved metadata is directly concatenated into the output string returned to the agent.
- Capability inventory: The skill possesses capabilities that could be abused if an injection is successful, including album deletion (scripts/album/delete.applescript) and file exporting (scripts/media/export.applescript).
- Sanitization: There is no evidence of sanitization, filtering, or validation of the retrieved metadata to prevent it from being interpreted as instructions.
- [COMMAND_EXECUTION]: The skill executes osascript commands to interact with the macOS Photos application. This requires the user to grant explicit 'Automation' permissions in macOS System Settings for the terminal or agent environment to control Photos.
Audit Metadata