alter-action-trigger
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
NO_CODE COMMAND_EXECUTION PROMPT_INJECTION
Full Analysis
- [NO_CODE]: The skill package contains documentation (SKILL.md) and configuration (.clawhub/origin.json) but does not include the functional source code (index.js) described in the usage examples.
- [COMMAND_EXECUTION]: According to the documentation, the skill triggers app actions via the macOS `open` command. Without the source code, the handling of input parameters (e.g., shell escaping) cannot be verified, though the intended use case is standard.
- [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection by acting as a proxy that forwards user-provided text to various AI actions within the external Alter app.
  1. Ingestion points: The `input` and `params` arguments in the `triggerAction` function and CLI commands.
  2. Boundary markers: No boundary markers or 'ignore instructions' delimiters are mentioned in the documentation.
  3. Capability inventory: Execution of the macOS `open` command to trigger x-callback-urls.
  4. Sanitization: Unknown as the implementation logic is missing from the provided files.
Audit Metadata