mac-control
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes macOS system commands and AppleScript to manage applications and system state (e.g.,
open_app,close_app,set_volume). It includes safeguards such as blocking dangerous keywords (rm, sudo) and validating application names against the /Applications/ directory. - [DATA_EXFILTRATION]: The skill possesses the capability to read sensitive user information through
get_clipboard()andtake_screenshot(). These operations expose local data to the agent's context, which is necessary for the skill's intended automation workflows. - [INDIRECT_PROMPT_INJECTION]: The skill provides an attack surface for indirect prompt injection by ingesting untrusted data from the system clipboard and file system metadata via
spotlight_search. - Ingestion points: System clipboard contents (
get_clipboard), file search results and metadata (spotlight_search). - Boundary markers: No specific boundary markers or 'ignore' instructions are mentioned for the ingested data.
- Capability inventory: File system access, application control, clipboard modification, and notification dispatching.
- Sanitization: The skill documents that AppleScript strings are sanitized and shell=True is avoided to prevent direct command injection.
Audit Metadata