The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: Recommends installing the imsg binary via a third-party Homebrew tap (steipete/tap/imsg) which is outside of the provided trusted vendor list.\n- [COMMAND_EXECUTION]: Executes the imsg CLI tool to perform system operations including listing chats, reading history, and sending messages.\n- [DATA_EXFILTRATION]: Reads sensitive message history from the macOS iMessage database (chat.db). Accessing this data requires the user to grant Full Disk Access permissions to the terminal environment.\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) where malicious instructions could be received via incoming messages.\n
Ingestion points: Untrusted message content is ingested into the agent context via the imsg history and imsg watch commands as defined in SKILL.md.\n
Boundary markers: Absent. There are no delimiters or specific instructions to the agent to ignore or isolate the content of the messages from its own command logic.\n
Capability inventory: The skill has the capability to send messages (imsg send) and read system-level chat data, which could be exploited to exfiltrate information or influence the agent's behavior.\n
Sanitization: Absent. The skill does not perform any validation, filtering, or escaping of the message content before processing.

imsg