macos-reminders
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection (Category 8) as it processes data from the macOS Reminders database.
  - Ingestion points: Data entering the context via the `list-reminders` command output.
  - Boundary markers: Absent; there are no instructions to the agent on how to delimit or ignore instructions found within reminder content.
  - Capability inventory: Uses `osascript` for system interaction, `python3` for processing, and writes to `logs/reminders.log`.
  - Sanitization: Absent; while input parameters are validated, the content of the reminders themselves is not sanitized before being returned to the agent.
- COMMAND_EXECUTION (LOW): The skill executes a local shell script (`reminders.sh`) and uses `osascript`. These tools possess significant system permissions, but are utilized for the primary task of reminder management. Data is passed via stdin to prevent sensitive information from appearing in process lists.
Audit Metadata