apple-remind-me
Warn
Audited by Gen Agent Trust Hub on Feb 13, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill requires a third-party tool named 'remindctl' (documented as needing installation at /usr/local/bin/remindctl). This is not a standard macOS utility and the skill does not verify the source or integrity of this binary, introducing a potential supply chain risk.
- [PROMPT_INJECTION] (MEDIUM): The skill is vulnerable to Indirect Prompt Injection (Category 8) because it processes external data (reminder titles) that could be controlled by an attacker.
  - Ingestion points: list-reminders.sh reads all reminder titles and metadata into the agent context.
  - Boundary markers: None. The reminder content is not delimited or marked as untrusted.
  - Capability inventory: The skill can create, edit, delete, and complete reminders across multiple scripts (create-reminder.sh, delete-reminder.sh, etc.).
  - Sanitization: None. The agent receives raw strings from reminder titles which could contain malicious instructions.
- [COMMAND_EXECUTION] (LOW): All scripts use shell commands to interact with the system. While the use of variables is generally well-quoted (e.g., "$MESSAGE", "$ID"), the skill's security depends entirely on the 'remindctl' binary's own handling of these inputs.