sag
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references a Homebrew tap (steipete/tap/sag) for installing the required CLI tool. This resource is maintained by the skill author and is consistent with the skill's purpose.
- [COMMAND_EXECUTION]: The skill facilitates the use of the sag binary to perform audio synthesis, voice selection, and configuration through shell commands.
- [PROMPT_INJECTION]: The instructions provide a template for executing shell commands where user-controlled text is used as an argument, creating a surface for indirect prompt injection.
- Ingestion points: User input for the TTS message (e.g., in the 'voice-reply' example) is intended to be used directly in a CLI command.
- Boundary markers: The template uses double quotes around the message string, which helps but does not fully mitigate shell injection if the input itself contains escaped characters or matching quotes.
- Capability inventory: The agent is instructed to execute shell commands and write output to the /tmp directory.
- Sanitization: The skill lacks explicit instructions for sanitizing or escaping the user's input before interpolation into the sag command.
Audit Metadata