icloud-findmy

Fail

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: HIGH
Categories: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill contains a highly dangerous parsing pattern: python3 -c "import sys; loc = eval(sys.stdin.read()); ...". This uses the Python eval() function to execute a string retrieved directly from the icloud command output. Because device names and other metadata in iCloud are user-controlled, an attacker could inject malicious Python code that would be executed on the host system during parsing.
  • [COMMAND_EXECUTION]: The skill relies on executing various shell commands to function, including icloud, grep, sed, and python3. It instructs the agent to run these tools to perform authentication, list devices, and extract data.
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the pyicloud library from a third-party GitHub repository (picklepete/pyicloud). This is an external dependency that is not part of the verified trusted vendor list.
  • [DATA_EXFILTRATION]: The skill provides access to highly sensitive personal data, including the real-time GPS coordinates (latitude/longitude) and battery status of the user's and their family's devices. This constitutes a significant data exposure risk if the agent is compromised.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its processing of untrusted data from the iCloud API.
      • Ingestion points: Device names, display names, and location metadata retrieved via icloud --list and processed in SKILL.md.
      • Boundary markers: None; external data is piped directly into shell commands and Python execution.
      • Capability inventory: Full shell command execution, arbitrary Python execution via eval(), and access to persistent configuration files.
      • Sanitization: No sanitization or validation is applied to the data before it is passed to the shell or the Python interpreter.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 1, 2026, 05:14 AM