reminders
Fail
Audited by Gen Agent Trust Hub on Apr 11, 2026
Risk Level: HIGHCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script reminders_cli.sh performs AppleScript execution via osascript using double-quoted string interpolation of user-controlled variables. The TITLE, DUE_DATE, and PRIORITY variables are inserted directly into the command string. This allows for AppleScript injection where a malicious payload could terminate the intended command and execute 'do shell script' to run arbitrary bash commands with the current user's privileges.
- [DATA_EXFILTRATION]: Because the skill has access to the user's private Reminders database and is vulnerable to command injection, an attacker could use the injection to exfiltrate the contents of reminders or other sensitive system files.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface. Evidence Chain: 1. Ingestion points: Untrusted data enters via stdin in reminders_cli.sh; 2. Boundary markers: Absent; 3. Capability inventory: osascript system interaction and shell command execution via do shell script; 4. Sanitization: Absent. The skill lacks any escaping or validation for external content before interpolation into the command execution context.
Recommendations
- AI detected serious security threats
Audit Metadata