High-risk tools in PilotGentic
9 of the 32 tools in PilotGentic are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
pilotgentic_app_lifecycle_managerExecuteManage application lifecycle: list, inspect, quit, force-quit, hide, activate, and check memory usage of running apps.
-
pilotgentic_call_skillExecuteCall a docked PilotGentic skill by tool name. Use pilotgentic_list_skills first to see what is available. Example tools: browser_ext_stats (Browser Extension live stats from cur...
-
pilotgentic_click_elementExecuteClick a UI element by its accessibility label, role, or value — no coordinates needed. More robust than coordinate clicks: survives window moves and layout changes. If element n...
-
pilotgentic_file_permissions_managerExecuteManage file and directory permissions on macOS. Get/set POSIX permissions (chmod), ownership (chown), ACL entries, check current-user access, and find world-writable files.
-
pilotgentic_navigateExecuteNavigate to a URL in a web browser with automatic verification. Uses Cmd+L to focus address bar, types the URL, presses Return, and verifies navigation succeeded by checking the...
-
pilotgentic_play_recordingExecuteList or play saved MacPilot recordings. Use op:
-
pilotgentic_start_transcriptionExecuteStart system audio capture and Whisper transcription. Buffers 10-second audio chunks, transcribes via whisper-cli, and appends timestamped text to /tmp/pilotgentic_transcript.tx...
-
pilotgentic_stop_transcriptionExecuteStop the running Whisper audio capture loop. Flushes and transcribes the final audio chunk before stopping.
-
pilotgentic_window_recording_managerExecuteManages screen/window recording sessions using macOS screencapture.
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.