vp-macos-clean-uninstall
Warn
Audited by Gen Agent Trust Hub on May 8, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes 'sudo' to perform administrative actions such as unloading system-level launch daemons via 'launchctl' and removing package receipts via 'pkgutil'.
- [REMOTE_CODE_EXECUTION]: The removal workflow is designed to locate and execute 'bundled uninstallers' found within third-party application bundles (e.g., '.app/Contents/'), which constitutes execution of code external to the skill.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection because it incorporates untrusted filesystem data into shell commands and agent context.
- Ingestion points: Application filenames, directory names, and bundle identifiers are ingested from the filesystem using 'find', 'mdls', and 'defaults read' in Phase 1 and Phase 3.
- Boundary markers: The skill uses labeled output sections (e.g., '=== Homebrew cask ===') to delimit data from different detection sources.
- Capability inventory: The agent has the ability to delete files ('rm -rf'), move files to the Trash, and execute privileged system commands ('sudo').
- Sanitization: While the skill includes presence checks for variables (e.g., ': ${APP_NAME:?}') and uses delimiters for some commands, it does not consistently escape or sanitize filenames and bundle IDs before they are interpolated into shell strings.
Audit Metadata