automating-contacts
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE (DATA_EXFILTRATION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- [DATA_EXFILTRATION] (LOW): The skill explicitly handles sensitive personal identifiable information (PII) by reading and exporting the macOS Contacts database to local CSV files. Although this is the primary purpose of the skill, it involves high-volume exposure of private data.
- [EXTERNAL_DOWNLOADS] (LOW): The automation scripts rely on the PyXA Python package. While it is a legitimate automation library, it is an external dependency that must be installed on the host system.
- [Indirect Prompt Injection] (LOW): The import_contacts_from_csv.py script provides a surface for indirect prompt injection by ingesting data from external CSV files and writing it to the Contacts database without sanitization.
  - Ingestion points: import_contacts_from_csv.py (reads from local CSV files).
  - Boundary markers: Absent; data is directly assigned to contact properties.
  - Capability inventory: CRUD operations on the macOS Contacts database, which could be read by other skills or agents.
  - Sanitization: Absent; no validation or escaping of the input strings before insertion.
- [COMMAND_EXECUTION] (LOW): The skill uses Bash to execute its internal Python and JXA scripts for automation. These operations are limited to the intended local automation scope.
Audit Metadata