imsg
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill configures the installation of the 'imsg' CLI tool through the Homebrew tap 'steipete/tap/imsg'. This is a well-known repository within the macOS developer community.
- [COMMAND_EXECUTION]: The skill executes various 'imsg' shell commands to interact with the Messages application, including listing chats, retrieving history, and sending text or file attachments.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting untrusted text from message history.
- Ingestion points: Untrusted message data enters the context via 'imsg history' and 'imsg watch' commands.
- Boundary markers: No specific delimiters or safety instructions are defined to separate ingested message text from the agent's core instructions.
- Capability inventory: The agent possesses the capability to execute CLI commands and send outgoing messages via the 'imsg send' tool.
- Sanitization: There is no evidence of sanitization or filtering applied to incoming message content before it is processed by the agent.
Audit Metadata