Skills
skills/composiohq/openclaw-composio/imsg/Gen Agent Trust Hub

imsg

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs an external binary imsg via a third-party Homebrew tap (steipete/tap/imsg). While the source is a known developer, it is not within the pre-defined list of trusted organizations.
  • [COMMAND_EXECUTION]: The skill relies on executing the imsg CLI tool to perform actions like listing chats, reading history, and sending messages.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted text data from external sources (SMS and iMessages).
  • Ingestion points: The imsg history and imsg watch commands (referenced in SKILL.md) allow the agent to read message content from external senders.
  • Boundary markers: The skill does not define specific delimiters or instructions to prevent the agent from obeying commands embedded within the chat history.
  • Capability inventory: The agent has the capability to send outgoing messages and files using imsg send based on interpreted data.
  • Sanitization: There is no evidence of sanitization or filtering applied to the message content before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 9, 2026, 09:12 PM