apple-reminders
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill directs the installation of the
remindctlutility from a third-party Homebrew tap (steipete/tap/remindctl) and references building the tool from source usingpnpm. - [COMMAND_EXECUTION]: The skill's primary functionality relies on executing the
remindctlbinary via the shell to interact with the macOS Reminders database. - [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it processes untrusted data.
- Ingestion points: The agent ingests data from the local Apple Reminders database through commands like
remindctl todayorremindctl all. - Boundary markers: There are no explicit delimiters or instructions provided to the agent to distinguish between its own instructions and the content retrieved from reminders.
- Capability inventory: The skill has the ability to read, create, modify, and delete reminders, and executes shell commands via the
remindctlbinary. - Sanitization: The skill does not implement sanitization or validation of the text content within reminders before it is returned to the agent context.
Audit Metadata