open
Pass
Audited by Gen Agent Trust Hub on Apr 11, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the macOS `open` utility to launch files, applications, or URLs. It handles user-provided parameters securely by quoting variables and using `jq` for robust JSON parsing, which prevents shell command injection vulnerabilities.
- [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection because it executes system actions based on potentially untrusted input (the `target` parameter).
  - Ingestion points: The `target` and `app` parameters in `open_cli.sh` receive input that could be controlled by an external source.
  - Boundary markers: The implementation lacks delimiters or warnings to prevent the agent from acting on instructions embedded within processed data.
  - Capability inventory: The skill can launch any local executable, open any file, or navigate to any URL via the `open` command.
  - Sanitization: The script does not validate the protocol of URLs or the location of files before passing them to the system utility.
Audit Metadata