skills/terrylica/cc-skills/launch/Gen Agent Trust Hub

launch

Warn

Audited by Gen Agent Trust Hub on Jun 22, 2026

Risk Level: MEDIUM (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • [PROMPT_INJECTION]: The skill contains 'Self-Evolving Skill' instructions that direct the agent to 'fix this file immediately' if execution logic fails. This encourages the agent to perform unauthorized writes to its own instruction set based on runtime feedback, which can be exploited to introduce persistent malicious logic or bypass intended constraints.
  • [PROMPT_INJECTION]: In the 'Post-Execution Reflection' section, the agent is instructed to 'document the bypass' if a macOS Gatekeeper prompt occurs. Gatekeeper is a security feature designed to prevent the execution of untrusted software; instructions that encourage or facilitate the subversion of OS-level security controls are highly suspicious.
  • [COMMAND_EXECUTION]: The script uses the open command to execute an application located within the agent's local plugin directory ($HOME/.claude/plugins/...). While this facilitates the tool's functionality, execution of code from the agent's own environment should be monitored, especially when combined with instructions to bypass security warnings.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Jun 22, 2026, 11:24 PM