skills/qwibitai/nanoclaw/add-imessage/Gen Agent Trust Hub

add-imessage

Warn

Audited by Gen Agent Trust Hub on Apr 26, 2026

Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses git fetch and git show to download code from the origin/channels branch and write it to the local filesystem at src/channels/imessage.ts.
  • [EXTERNAL_DOWNLOADS]: Installs the chat-adapter-imessage package from an external registry to support the new channel functionality.
  • [COMMAND_EXECUTION]: Guides users to grant 'Full Disk Access' to the Node.js executable on macOS using the open command. This privilege allows the runtime to read sensitive data across the entire disk, including private message databases, which significantly expands the security impact of any potential compromise.
  • [PROMPT_INJECTION]: Creates an indirect prompt injection surface by ingesting content from external iMessage conversations.
      • Ingestion points: External messages from contacts or group chats.
      • Boundary markers: None identified in the provided configuration.
      • Capability inventory: Full filesystem access (via the requested FDA) and network access for communication.
      • Sanitization: No content validation or sanitization mechanisms are described for incoming data.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 26, 2026, 09:50 PM