macos-contacts
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill interacts with the macOS Contacts database using AppleScript via the
osascriptutility. This requires the user to explicitly grant 'Automation' permissions to the host terminal or application, providing a native security layer. - [COMMAND_EXECUTION]: The shell commands invoked within the AppleScript files (e.g., for case normalization) use the
quoted form ofproperty. This is a security best practice that prevents command injection by ensuring user-provided contact data is correctly escaped before execution. - [SAFE]: No remote code execution, external downloads, or data exfiltration attempts were detected. The skill operates entirely locally on the user's machine.
Audit Metadata