homebrew
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill enables the agent to execute administrative commands such as 'brew install', 'brew upgrade', and 'brew uninstall' to modify the system software environment. Additionally, the 'brew edit' and 'brew create' commands allow the agent to interact with or generate Ruby scripts that are executed by the Homebrew system.
- [EXTERNAL_DOWNLOADS]: The agent is instructed to fetch software binaries and package metadata from the official Homebrew registry and community-maintained 'taps' using 'brew update' and 'brew install'.
- [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface. (1) Ingestion points: Untrusted data enters the agent's context through package names and descriptions retrieved via 'brew info' or 'brew search'. (2) Boundary markers: No delimiters are specified to distinguish external command output from the agent's system instructions. (3) Capability inventory: The agent has the capability to install software, modify system configurations, and edit formula files. (4) Sanitization: There is no evidence of logic to sanitize, escape, or validate the content of package metadata before it is processed.
Audit Metadata