Skills
skills/thinkfleetai/thinkfleet-engine/things-mac/Gen Agent Trust Hub

things-mac

Warn

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill's installation process fetches and executes a Go module from a non-trusted third-party GitHub repository (github.com/ossianhempel/things3-cli).
  • [COMMAND_EXECUTION]: The skill relies on executing the things CLI tool via subprocess calls to interact with the macOS file system and the Things 3 application URL scheme.
  • [CREDENTIALS_UNSAFE]: The skill documentation encourages the use of THINGS_AUTH_TOKEN to authorize update operations, which involves handling sensitive authentication credentials.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it retrieves user-generated content from a local database without sufficient safeguards.
  • Ingestion points: Task titles, notes, and project names are read from the local SQLite database via things inbox and things search commands.
  • Boundary markers: No delimiters or specific 'ignore' instructions are used when interpolating task data into the agent's context.
  • Capability inventory: The agent can execute CLI commands (things add, things update) and potentially trigger URL schemes based on retrieved content.
  • Sanitization: The skill does not perform validation or sanitization of the data retrieved from the Things 3 database before processing it.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 1, 2026, 05:15 AM