apple-voice-memos
Warn
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: MEDIUMDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: Accesses sensitive local application data containing private user information.
- The script
scripts/extract-apple-voice-memos-metadataqueries a private SQLite database located at~/Library/Group Containers/group.com.apple.VoiceMemos.shared/Recordings/CloudRecordings.dbto extract recording metadata (titles, dates, durations, and file paths). - The script
scripts/extract-apple-voice-memos-transcriptaccesses and reads content from.m4afiles within the user's private library to extract embedded transcripts. - [PROMPT_INJECTION]: Potential for indirect prompt injection via the processing of untrusted audio transcripts.
- Ingestion points: Transcripts extracted from user recordings by
scripts/extract-apple-voice-memos-transcriptare ingested into the subagent prompt. - Boundary markers: The skill uses a
## Transcriptheading inPROMPT.mdas a delimiter but lacks explicit instructions for the subagent to ignore potentially malicious commands spoken within the audio. - Capability inventory: The skill uses Python scripts to read local files and can save processed output to the filesystem as markdown files.
- Sanitization: No sanitization or filtering is performed on the transcript text before it is sent to the subagent for processing.
Audit Metadata