imsg
Warn
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the 'imsg' utility from an external third-party Homebrew tap ('steipete/tap/imsg'). This source is not verified as a trusted organization or well-known service.
- [COMMAND_EXECUTION]: The skill relies on executing system-level commands to query the iMessage database and send messages via the Messages.app automation interface.
- [PROMPT_INJECTION]: As the skill reads incoming message content, it is susceptible to indirect prompt injection. Malicious instructions sent by external parties via iMessage could influence the agent's behavior. Evidence: Data enters through 'imsg history' (SKILL.md), no boundary markers or sanitization are defined, and the skill has 'imsg send' capabilities.
- [DATA_EXFILTRATION]: Accesses and processes highly sensitive private communication data, including full chat histories and attachments, which requires Full Disk Access permissions on macOS.
Audit Metadata