agent-deep-links

Pass

Audited by Gen Agent Trust Hub on Apr 27, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to use the /usr/libexec/PlistBuddy utility to read CFBundleURLTypes from application bundles and the open command to test URL schemes. These commands are executed locally to verify deep-link support.
  • [PROMPT_INJECTION]: The skill defines shell command templates in SKILL.md and references/deep-link-matrix.md that use placeholders like <App> and <scheme>. This creates a surface for indirect prompt injection where a malicious user could provide an application name or URL scheme containing shell metacharacters (e.g., backticks, command substitution, or semicolons) to execute arbitrary commands.
    • Ingestion points: User-provided application names or deep-link schemes in the workflow.
    • Boundary markers: None provided in the command templates.
    • Capability inventory: Execution of PlistBuddy and open via shell.
    • Sanitization: No instructions are provided to sanitize or validate the user-provided strings before interpolation into shell commands.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 27, 2026, 09:57 AM