imsg
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the
imsgCLI utility fromsteipete/tap/imsgusing the Homebrew package manager. - [COMMAND_EXECUTION]: The skill relies on executing shell commands through the
imsgCLI to perform all messaging operations. - [DATA_EXFILTRATION]: The skill accesses sensitive private data, specifically iMessage and SMS chat history and message content, which is fundamental to the skill's messaging features.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from incoming messages. Ingestion points:
imsg historyandimsg watchretrieve messages from external senders. Boundary markers: No explicit delimiters or instructions are used to prevent the agent from interpreting message content as commands. Capability inventory: The agent can execute shell commands and send outgoing messages. Sanitization: There is no evidence of sanitization or filtering of the ingested message data.
Audit Metadata