apple-reminders-applescript
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the
osascriptcommand-line utility to execute AppleScript files for interacting with the macOS Reminders application. This is the intended and standard mechanism for the skill's purpose.- [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface by retrieving and processing untrusted user data from the Reminders database. - Ingestion points: User-controlled reminder names and bodies are fetched and returned to the agent in
scripts/reminder/get.applescript,scripts/reminder/list.applescript, andscripts/reminder/search.applescript. - Boundary markers: The skill does not implement delimiters or 'ignore instructions' warnings when interpolating retrieved reminder data into the agent's context.
- Capability inventory: The skill has the capability to create, edit, move, and delete lists and reminders, which could be misused if an agent is influenced by instructions hidden within a reminder's text.
- Sanitization: No sanitization, escaping, or validation is performed on the data retrieved from Reminders before it is passed back to the agent.
Audit Metadata