Skills
skills/dotnetage/mindx/contacts/Gen Agent Trust Hub

contacts

Fail

Audited by Gen Agent Trust Hub on Apr 11, 2026

Risk Level: HIGHCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The script contacts_cli.sh is vulnerable to AppleScript injection. User-supplied variables $NAME, $PHONE, and $EMAIL are extracted from JSON input using jq and directly interpolated into double-quoted strings within osascript blocks in the search and add actions. Because there is no escaping or sanitization, an attacker can use a double quote to escape the string context and append malicious AppleScript commands, such as do shell script, which provides full access to the underlying system shell.
  • [DATA_EXFILTRATION]: This skill accesses the macOS Contacts database, which contains sensitive personal information. The lack of input validation, combined with the command execution capability, creates a high risk that this data could be harvested and sent to an external server via an injected curl or wget command.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface (Category 8). 1. Ingestion points: The name, phone, and email parameters defined in SKILL.md and processed by contacts_cli.sh. 2. Boundary markers: Absent; the script does not use delimiters or instructions to ignore embedded commands in the data. 3. Capability inventory: Access to the macOS Contacts database and potential shell command execution through the osascript injection vulnerability. 4. Sanitization: Absent; the shell script performs no validation or escaping on the input before use.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Apr 11, 2026, 10:47 AM