sag
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill configuration specifies the installation of the sag utility via a Homebrew tap (steipete/tap/sag). This resource is owned by the skill author.
- [COMMAND_EXECUTION]: The skill uses the sag binary to generate audio files, list voices, and provide model-specific tips. It includes a specific workflow for generating audio replies to /tmp/voice-reply.mp3.
- [PROMPT_INJECTION]: The skill contains instructions that interpolate user-provided text into a shell command template (sag ... "Your message here"). This represents a surface for indirect prompt injection or command injection if the agent does not properly escape metacharacters in the user's message.
  - Ingestion points: User requests for specific voice responses (e.g., "explain in a crazy scientist voice").
  - Boundary markers: None are defined in the command execution example.
  - Capability inventory: Execution of the sag binary with the ability to write output files to the local filesystem.
  - Sanitization: The skill does not provide explicit instructions for sanitizing or escaping user-provided strings before they are passed to the shell.
Audit Metadata