NYC

automating-reminders

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
  • [PROMPT_INJECTION] (MEDIUM): The skill is vulnerable to Indirect Prompt Injection (Category 8) because it ingests untrusted data (reminder titles, notes, and search patterns) and possesses write/delete capabilities within the macOS Reminders database. Nested evidence:
      1. Ingestion points: create_reminder.py (title/list_name), complete_reminders.py (search_pattern).
      2. Boundary markers: None present to distinguish instructions from data.
      3. Capability inventory: Creating, completing, and deleting reminders via PyXA and ScriptingBridge.
      4. Sanitization: None identified beyond basic date formatting.
  • [COMMAND_EXECUTION] (LOW): The set_up_reminders_automation scripts utilize osascript to trigger macOS permission prompts. Nested evidence: The AppleScript payloads are hardcoded strings and do not interpolate user-provided data, mitigating injection risks.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 04:16 AM