apple-contacts
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE (DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [DATA_EXFILTRATION]: Accesses the macOS Contacts database to retrieve personally identifiable information (PII), including names, phone numbers, and emails. This constitutes data exposure of sensitive local information as part of the skill's primary function.
- [COMMAND_EXECUTION]: Executes shell commands using osascript to run AppleScript, which is used to interact with the Contacts application on the host system.
- [PROMPT_INJECTION]: Potential for indirect prompt injection if the agent processes malicious content stored within contact fields.
  - Ingestion points: Data retrieved from Contacts.app (SKILL.md).
  - Boundary markers: Absent.
  - Capability inventory: AppleScript execution and local data retrieval (SKILL.md).
  - Sanitization: Absent; the skill returns raw data from the address book.
Audit Metadata