beeper
Warn
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of an external binary (
beeper-cli) from a third-party GitHub repository (github.com/krausefx/beeper-cli) usinggo install. This involves downloading and executing code from an external source that is not on the trusted vendor list. - [DATA_EXFILTRATION]: The skill is designed to access and read local SQLite databases containing sensitive chat history from services like WhatsApp, Signal, and iMessage (e.g.,
~/Library/Application Support/BeeperTexts/index.db). While this is the primary purpose of the skill, it exposes highly private communication data to the agent context. - [COMMAND_EXECUTION]: The skill relies on executing the
beeper-clitool with various arguments to query local databases and retrieve chat information. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted message content from various chat platforms. Ingestion points: Chat messages and threads retrieved via
beeper-cli. Boundary markers: None. Capability inventory:beeper-clicommand execution and file system access. Sanitization: None.
Audit Metadata