apple-reminders
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [External Downloads] (MEDIUM): The skill relies on
remindctl, a third-party utility. It provides installation instructions via Homebrew (steipete/tap/remindctl) and source (pnpm install). These sources are not on the trusted repository list, requiring the user to trust an unverified external maintainer. - [Command Execution] (MEDIUM): The skill functions by constructing and executing shell commands (e.g.,
remindctl add "{title}"). This creates a significant attack surface for command injection if the agent fails to properly escape shell metacharacters in reminder titles, list names, or dates provided by the user or external data. - [Indirect Prompt Injection] (LOW): The skill reads and processes reminder content which may originate from external sources (shared lists, synchronized calendar invites).
- Ingestion points: Reminder data retrieved via
remindctl,remindctl list(SKILL.md). - Boundary markers: None identified in the provided documentation.
- Capability inventory: Local file/system access via the Reminders database and shell command execution.
- Sanitization: None mentioned; the skill passes strings directly to the CLI.
Audit Metadata