imsg
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes the 'imsg' command-line interface to interact with the macOS Messages application and its underlying database to list chats, read history, and send messages.
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to install the 'imsg' tool from a third-party Homebrew tap (steipete/tap/imsg).
- [PROMPT_INJECTION]: Indirect prompt injection vulnerability surface. 1. Ingestion points: Message content is ingested via 'imsg history' and 'imsg watch' actions defined in SKILL.md. 2. Boundary markers: Absent; there are no instructions to the agent to treat message content as untrusted data. 3. Capability inventory: The agent has the ability to send messages and reference local files through the 'imsg send' command. 4. Sanitization: Absent; the skill does not include steps to sanitize or validate the content of messages retrieved from the system.
Audit Metadata