Skills
skills/terrylica/cc-skills/imessage-query/Gen Agent Trust Hub

imessage-query

Pass

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: Analysis of the skill instructions and supporting Python scripts found no evidence of malicious intent or unauthorized data exfiltration. The skill performs local database queries and binary decoding as described.
  • [COMMAND_EXECUTION]: The skill utilizes the Bash tool to run sqlite3 and the decode_attributed_body.py script. This execution is limited to standard macOS utilities and the provided skill code.
  • [DATA_EXFILTRATION]: The skill accesses sensitive personal data located at ~/Library/Messages/chat.db. It provides a mechanism to export this data to a local file (--export flag). No network-based exfiltration patterns (e.g., curl, wget to external domains) were identified.
  • [PROMPT_INJECTION]: As the skill ingests data from iMessages (which are sourced from external parties), it presents an indirect prompt injection surface.
  • Ingestion points: Message data is read from the message and attributedBody columns of chat.db in scripts/decode_attributed_body.py.
  • Boundary markers: The script uses pipe-delimited output (timestamp|sender|text) to separate fields.
  • Capability inventory: The skill has access to Read, Bash, and Write tools.
  • Sanitization: There is no explicit sanitization or filtering of instructions that might be embedded within the message text. Users should be aware that the AI may see instructions sent by third parties via iMessage.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 3, 2026, 09:10 PM