imessage
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXFILTRATION]: Accesses the sensitive macOS iMessage database (~/Library/Messages/chat.db) and attachments folder. This access is necessary for the skill's primary functionality of reading and processing message history.- [COMMAND_EXECUTION]: Utilizes AppleScript to programmatically interact with the macOS Messages app, allowing the agent to send texts, files, and expressive effects.- [PROMPT_INJECTION]: Processes incoming message content which acts as a surface for indirect prompt injection attacks. The skill proactively addresses this risk with dedicated security guidance. Ingestion points: Incoming message text and sender identifiers (SKILL.md). Boundary markers: The documentation instructs developers to use role-based separation (system vs. user roles) for LLM prompts to prevent instruction override. Capability inventory: The kit enables message sending, group chat management, and access to Find My location data. Sanitization: Recommends input validation and warns against echoing raw user content in responses.
Audit Metadata