Skills
skills/vinitu/macos-terminal-skill/macos-terminal/Gen Agent Trust Hub

macos-terminal

Warn

Audited by Gen Agent Trust Hub on Mar 22, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/window/run-script.applescript uses the AppleScript do script command to execute arbitrary text as shell commands in Terminal.app. This allows an agent to perform any action on the system that the current user has permissions for.
  • [DATA_EXFILTRATION]: Scripts such as scripts/tab/contents.applescript and scripts/tab/history.applescript allow an agent to retrieve the entire scrollback buffer and session history of terminal tabs. This can expose sensitive data like API keys, environment variables, or private file contents previously displayed in the terminal.
  • [PROMPT_INJECTION]: The skill facilitates indirect prompt injection by reading raw terminal output which could contain malicious instructions from external sources.
  • Ingestion points: scripts/tab/contents.applescript, scripts/tab/history.applescript.
  • Boundary markers: None present in the data retrieval scripts.
  • Capability inventory: scripts/window/run-script.applescript (arbitrary command execution).
  • Sanitization: None; raw terminal contents are passed directly to the agent context.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 22, 2026, 04:27 PM