kakaotalk-mac
Warn
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the third-party tool
kakaoclivia an external Homebrew tap (silver-flight-group/tap/kakaocli). This introduces a dependency on code from an unverified source. - [COMMAND_EXECUTION]: The skill makes extensive use of the system shell to execute commands including
brew,mas, andkakaocli. This is the primary mechanism for both installation and message management. - [DATA_EXFILTRATION]: The skill requires the user to grant "Full Disk Access" to the terminal application to read local KakaoTalk databases. While necessary for the skill's stated purpose, this provides access to sensitive personal communications and metadata stored locally.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes external chat messages which could contain malicious instructions designed to influence the agent's behavior.
- Ingestion points: Untrusted message content is retrieved from the local database using
kakaocli messagesandkakaocli search(SKILL.md). - Boundary markers: No boundary markers or "ignore embedded instructions" warnings are used when reading chat data.
- Capability inventory: The skill has the capability to send outgoing messages to any contact using
kakaocli send(SKILL.md). - Sanitization: There is no evidence of sanitization, escaping, or validation of the chat content before it is processed by the agent.
Audit Metadata