apple-reminders
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill directs the user to install an external tool via
brew install steipete/tap/remindctl. This is a third-party dependency necessary for the skill's functionality. - [COMMAND_EXECUTION]: The skill relies on executing the
remindctlcommand-line utility to perform its core functions, including listing and modifying reminder data on the host system. - [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection as it reads and processes arbitrary text from the user's reminders list.
- Ingestion points: Data retrieved from the Reminders database via
remindctl(SKILL.md). - Boundary markers: Absent; the agent is not instructed to treat reminder content as untrusted data.
- Capability inventory: Local command execution and data modification capabilities via
remindctl(SKILL.md). - Sanitization: No sanitization or validation of the retrieved reminder content is performed.
Audit Metadata