apple-contacts
Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUM
Flagged: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses osascript to execute AppleScript, allowing the agent to query and interact with the macOS Contacts application directly from the shell.
- [DATA_EXFILTRATION]: Accesses highly sensitive personal information, including names, phone numbers, and email addresses from the macOS Contacts database.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to the way user inputs are handled.
  * Ingestion points: Search terms like names and phone numbers are accepted as input and placed directly into AppleScript strings in SKILL.md.
  * Boundary markers: None are implemented to separate data from commands.
  * Capability inventory: Shell execution of osascript, which has access to system applications.
  * Sanitization: No sanitization, escaping, or validation of user-provided strings is present, which could allow for AppleScript injection.
Audit Metadata