hammerspoon
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWCOMMAND_EXECUTION
Full Analysis
- COMMAND_EXECUTION (LOW): The skill utilizes the 'hs' CLI tool to execute Lua commands, which allows for shell script execution via 'os.execute' and full control over system automation APIs.\n- DATA_EXPOSURE (LOW): The skill accesses and manages files within the '~/.config/hammerspoon/' directory to configure automation modules, which is standard for configuration management.\n- INDIRECT_PROMPT_INJECTION (LOW): The 'leader-dsl' system automatically registers and executes code from files located in the 'clues/' subdirectory. While these are local files, this mechanism presents a surface where instructions placed in these files by other processes or skills would be executed by the Hammerspoon environment.
Audit Metadata