Skills
skills/builtby-win/skills/things-cli/Gen Agent Trust Hub

things-cli

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes external commands including things-cli, osascript (AppleScript), and shortcuts to interact with the Things 3 application on macOS.
  • [DATA_EXFILTRATION]: The skill reads the THINGS_AUTH_TOKEN from the environment and accesses the user's Things 3 database contents to perform search and list operations.
  • [PROMPT_INJECTION]: The skill processes untrusted task titles, notes, and checklist items from the Things 3 database, which introduces an indirect prompt injection surface. 1. Ingestion points: Search results and list outputs from things-cli. 2. Boundary markers: Absent; there are no instructions or delimiters to isolate task data from agent logic. 3. Capability inventory: Includes the ability to run AppleScript, execute Shortcuts, and open URLs via subprocesses. 4. Sanitization: The things_url.py script applies URL encoding to parameters, but natural language content from tasks is not validated or filtered for malicious instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 12, 2026, 05:44 PM