script
Fail
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill implements persistence mechanisms by generating and loading launchd configuration files (.plist) in the user's Library/LaunchAgents directory to facilitate recurring background execution of agent logic (Phase 7 in SKILL.md).
- [COMMAND_EXECUTION]: Shell commands for media downloading and transcription (yt-dlp and whisper) are executed using URLs provided by the user or scraped from Instagram, presenting a surface for command injection (Phase 3, 4 in SKILL.md; Step 1 in hooks.md).
- [REMOTE_CODE_EXECUTION]: Fetches and executes the official Homebrew installation script from GitHub via bash (Phase 1 in SKILL.md).
- [EXTERNAL_DOWNLOADS]: Installs multiple dependencies at runtime, including yt-dlp, whisper (from the official OpenAI repository), and the perma-cron utility from the author's GitHub repository.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted transcripts from external videos. 1. Ingestion points: Video transcription logic in SKILL.md (Phase 3c, 4d) and hooks.md (Step 2). 2. Boundary markers: Absent; transcribed text is processed directly. 3. Capability inventory: The skill has extensive permissions including Bash execution, file writing, and tool editing. 4. Sanitization: No sanitization or validation is applied to the transcribed content before it is processed by the agent.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata