swiftbar
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Provides instructions for creating and modifying shell and Python scripts, including the use of "chmod +x" to make them executable.
- [COMMAND_EXECUTION]: Documents the SwiftBar output protocol's "bash" parameter, which allows menu items to trigger local command execution when clicked.
- [EXTERNAL_DOWNLOADS]: Includes patterns for fetching data from external APIs using "curl" and Python's "urllib.request" to populate menu bar items.
- [PROMPT_INJECTION]: Documents a surface for processing untrusted data from external sources.
  - Ingestion points: External APIs (e.g., OpenWeatherMap, Hacker News) as shown in the patterns and evaluation prompts.
  - Boundary markers: None explicitly required in the provided templates; scripts output raw text for the menu bar protocol.
  - Capability inventory: Local file access via SWIFTBAR_PLUGIN_DATA_PATH, network requests via curl/urllib, and shell command execution via the bash parameter.
  - Sanitization: Examples do not demonstrate explicit sanitization of external content before formatting it into the SwiftBar display protocol.
Audit Metadata