automating-voice-memos
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- DATA_EXFILTRATION (HIGH): The skill is designed to bypass standard application boundaries by directly reading the
CloudRecordings.dband theRecordingsfolder within the Apple Group Containers. - Evidence:
~/Library/Group Containers/group.com.apple.VoiceMemos.shared/Recordingsis targeted for direct file copying usingfm.copyItemAtPathToPathErrorinreferences/voice-memos-recipes.md. - This allows the agent to extract private audio files and metadata without user interaction within the app.
- PROMPT_INJECTION / COMMAND_EXECUTION (HIGH): The skill contains a transcript scraping recipe that uses
doShellScriptto execute a Python bridge for string processing. - Evidence in
references/voice-memos-recipes.md:app.doShellScript("printf %s ${app.doShellScript(...python3...)} > ${out}"). - If a transcript (which is untrusted data from a recording) contains malicious shell characters or instructions, it could lead to command injection or influence the agent's behavior during the 'External trim/enhance workflow'.
- COMMAND_EXECUTION (MEDIUM): The skill extensively uses
Application("System Events")anddoShellScriptto interact with the OS. - Evidence in
scripts/set_up_voice_memos_automation.sh: Usesopencommands and filesystem probes to locate data. - Evidence in
references/voice-memos-recipes.md: Invokessqlite3andffmpegvia shell. This assumes these binaries are safe and that the arguments (like filenames derived from metadata) are perfectly sanitized. - CREDENTIALS_UNSAFE (INFO): The URLite scanner flagged
group.com.app. This is a False Positive; it is part of the legitimate Apple internal pathgroup.com.apple.VoiceMemos.shared. However, the path itself points to highly sensitive user data.
Recommendations
- AI detected serious security threats
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata