apple-reminders
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads and installs the
remindctlutility from a third-party Homebrew tap (steipete/tap/remindctl) and references source code from GitHub. - [COMMAND_EXECUTION]: The skill executes multiple shell commands via the
remindctlbinary to list, create, edit, and delete reminders on macOS. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes data from Apple Reminders.
- Ingestion points: Reminder titles and notes are ingested into the agent context through commands like
remindctl today --json. - Boundary markers: None provided in the skill instructions to distinguish between reminder data and system instructions.
- Capability inventory: The agent can modify, complete, and delete records based on its interpretation of the ingested data.
- Sanitization: No evidence of content sanitization or validation of the reminder data before it is processed by the agent.
Audit Metadata