skills/steipete/clawdis/sag/Gen Agent Trust Hub

sag

Pass

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill references a Homebrew tap (steipete/tap/sag) for installing the required CLI tool. This resource is maintained by the skill author and is consistent with the skill's purpose.
  • [COMMAND_EXECUTION]: The skill facilitates the use of the sag binary to perform audio synthesis, voice selection, and configuration through shell commands.
  • [PROMPT_INJECTION]: The instructions provide a template for executing shell commands where user-controlled text is used as an argument, creating a surface for indirect prompt injection.
  • Ingestion points: User input for the TTS message (e.g., in the 'voice-reply' example) is intended to be used directly in a CLI command.
  • Boundary markers: The template uses double quotes around the message string, which helps but does not fully mitigate shell injection if the input itself contains escaped characters or matching quotes.
  • Capability inventory: The agent is instructed to execute shell commands and write output to the /tmp directory.
  • Sanitization: The skill lacks explicit instructions for sanitizing or escaping the user's input before interpolation into the sag command.
Audit Metadata
Risk Level
SAFE
Analyzed
May 17, 2026, 05:39 PM
Security Audit — agent-trust-hub — sag