apple-reminders
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the `remindctl` utility from a third-party Homebrew repository (steipete/tap/remindctl), which is not an officially verified or trusted organization per the provided scope.
- [COMMAND_EXECUTION]: The skill provides instructions to execute the `remindctl` binary on the host system to interact with user data, including listing, creating, and deleting reminders.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and displays content from Apple Reminders which may contain untrusted instructions.
  - Ingestion points: External data enters the agent context via output from `remindctl today`, `remindctl list`, and other data-fetching commands (SKILL.md).
  - Boundary markers: The instructions do not define delimiters or instruct the agent to ignore instructions embedded within the reminder titles or notes.
  - Capability inventory: The skill includes commands to add, modify, and delete reminder data, which could be leveraged if an injection is successful (SKILL.md).
  - Sanitization: There is no mention of sanitizing or validating the output from the CLI tool before it is processed by the agent.
Audit Metadata