automating-messages

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). The content provides detailed, actionable instructions to programmatically send/receive Messages, read the Messages SQLite DB (requiring Full Disk Access), manipulate the clipboard/UI, and install launchd polling agents—capabilities that can be used for unauthorized data access, persistent monitoring, and exfiltration.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (medium risk: 0.60). The skill explicitly instructs granting Automation/Accessibility and Full Disk Access (which exposes all user data) and recommends creating persistent launchd polling daemons and reading/writing the Messages SQLite DB—actions that change system state and access sensitive resources—though it does not request sudo or system-level file edits.