macos-process-injection

Fail

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: HIGH
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides numerous scripts and code templates designed to execute arbitrary shell commands. Examples include C templates using system("/path/to/payload.sh"), Node.js snippets using child_process.execSync('id'), and osascript commands for automation-based injection.
  • [REMOTE_CODE_EXECUTION]: A Python script is provided that connects to an Electron application's debugging port via WebSockets to execute arbitrary code in the main process using the Chrome DevTools Protocol.
  • [EXTERNAL_DOWNLOADS]: The skill instructs the user to download and install the @electron/asar package from the NPM registry and to run npx @electron/fuses, in order to patch application files.
  • [PRIVILEGE_ESCALATION]: Detailed instructions are provided for gaining elevated capabilities, such as using task_for_pid to obtain task ports (requiring root) and exploiting XPC services via PID reuse attacks to bypass client validation and inherit TCC permissions.
  • [PROMPT_INJECTION]: The skill includes meta-instructions labeled as 'AI LOAD INSTRUCTION' intended to override the agent's default behavior and safety boundaries by forcing it to adopt an 'Expert Attack Playbook' persona for security bypassing.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Apr 9, 2026, 01:12 PM