Skills
skills/arlenagreer/claude_configuration_docs/omnifocus/Gen Agent Trust Hub

omnifocus

Pass

Audited by Gen Agent Trust Hub on Apr 17, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes untrusted data from the local OmniFocus database.
  • Ingestion points: The script scripts/sqlite_reader.rb extracts task names and notes from the OmniFocus SQLite database and presents them to the agent.
  • Boundary markers: Absent. The skill does not wrap retrieved task data in specific delimiters or instructions to prevent the agent from interpreting task content as new commands.
  • Capability inventory: The skill can execute shell commands (osascript) via applescript_client.rb and omni_automation.rb, and perform file system operations (read/write temporary database copies).
  • Sanitization: While the skill uses Shellwords.escape and JSON.generate to prevent technical injection into scripts, the natural language content of tasks is not sanitized for malicious instructions.
  • [COMMAND_EXECUTION]: The skill frequently executes shell commands to perform automation tasks.
  • Evidence: The scripts scripts/applescript_client.rb and scripts/omni_automation.rb use backticks to execute osascript for interacting with the OmniFocus application.
  • Mitigation: The skill employs Shellwords.escape to sanitize the script content before it is passed to the shell, effectively preventing command injection into the shell environment.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 17, 2026, 03:19 PM