The Agent Skills Directory

[PRIVILEGE_ESCALATION]: The skill uses sudo commands to remove diagnostic logs and system caches in the references/cleanup-tiers.md file (Tier 6). While documented for system maintenance, this provides a path for elevated file system modification.
[PERSISTENCE]: The skill installs a macOS LaunchAgent (com.local.mac-health-check.plist) to run its monitoring script persistently every five minutes across system reboots.
[COMMAND_EXECUTION]: The skill utilizes launchctl to load and manage background processes and performs various shell-based system audits using tools like df, memory_pressure, and sysctl.
[EXTERNAL_DOWNLOADS]: The documentation recommends downloading and installing external utilities (alerter, mole, and stats) from third-party GitHub repositories via Homebrew to support its functionality.
[DATA_EXFILTRATION]: The monitoring script assets/mac-health-check supports an optional NTFY_URL to send system health alerts to a remote ntfy.sh endpoint. While intended for user notifications, this provides a mechanism for transmitting system data externally.
[TIME_DELAYED_ATTACKS]: The script includes a CALIBRATION_DAYS parameter (defaulting to 7 days) which suppresses active notifications during an initial window, a behavior that gates visible activity based on installation age.
[INDIRECT_PROMPT_INJECTION]: The skill's triage and monitoring workflows ingest data from system logs and diagnostic reports (JetsamEvent-*.ips).
Ingestion points: Reads files from /Library/Logs/DiagnosticReports/ in assets/mac-health-check and references/triage.md.
Boundary markers: None identified in the log-reading instructions.
Capability inventory: Significant capabilities including sudo file deletion, persistence via LaunchAgents, and network access via curl.
Sanitization: The script uses grep for specific health signals, but the agent's manual parsing of panic logs lacks explicit sanitization instructions.

maintaining-macos-health