check-action-items-from-contact
Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the 'osascript' command to execute AppleScript code that programmatically interacts with the macOS Mail application.
- [DATA_EXFILTRATION]: The script accesses sensitive user information by reading the sender name, subject line, and the full text body of every message in the inbox to find matches.
- [PROMPT_INJECTION]: The skill is highly vulnerable to indirect prompt injection because it analyzes untrusted email content. 1. Ingestion points: Raw email content is extracted via AppleScript in 'SKILL.md'. 2. Boundary markers: No delimiters or protective warnings are used to isolate email content from the agent's instructions. 3. Capability inventory: The skill utilizes system-level scripting to read private communications. 4. Sanitization: There is no evidence of filtering or escaping performed on the email content before it is processed by the AI.
Audit Metadata