imsg
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
imsgutility via a third-party Homebrew tap (steipete/tap/imsg). While the developer is well-known in the macOS community, this is an external dependency not included in the primary trusted vendor list. - [COMMAND_EXECUTION]: The skill executes the
imsgbinary to interact with system services. This tool requires high-level permissions, specifically Full Disk Access, to read thechat.dbfile used by the macOS Messages application. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it allows the agent to read and process untrusted text from incoming iMessages or SMS.
- Ingestion points: The
imsg historyandimsg watchcommands ingest external content directly into the agent's context from the Messages database. - Boundary markers: Absent. There are no instructions or delimiters provided to help the agent distinguish between message content and system instructions.
- Capability inventory: The agent has the ability to send messages (
imsg send) and execute further terminal commands based on its configuration. - Sanitization: Absent. No filtering or escaping is applied to the message history before it is passed to the agent.
Audit Metadata