update-apple-note
Fail
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: HIGH
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill interpolates user-controlled variables `{{NOTE_NAME}}` and `{{NEW_CONTENT}}` directly into AppleScript command strings. A malicious user could provide inputs containing double quotes and AppleScript commands (e.g., using `do shell script`) to execute arbitrary code on the host system.
- [COMMAND_EXECUTION]: The procedure recommends writing AppleScript to a temporary file and executing it via `osascript`. This dynamic generation and execution of scripts using unsanitized user data is a high-risk pattern that bypasses security boundaries.
- [PROMPT_INJECTION]: The skill retrieves the current body of an Apple Note (`get body of note`), which serves as an ingestion point for untrusted data. No boundary markers or 'ignore' instructions are used to prevent the agent from following malicious instructions embedded within the note's text.
- [PROMPT_INJECTION]: The combination of reading untrusted content from notes and the ability to execute system-level scripts via `osascript` creates a significant indirect prompt injection surface. Evidence of this risk is found in Step 2 (ingestion point in SKILL.md), the lack of delimiters (boundary markers), and Step 4 (capability in SKILL.md).
Recommendations
- AI detected serious security threats