Skills
skills/dotnetage/mindx/imessage/Gen Agent Trust Hub

imessage

Fail

Audited by Gen Agent Trust Hub on Apr 11, 2026

Risk Level: HIGHCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The script imessage_cli.sh is vulnerable to AppleScript injection. The input variable TO is interpolated directly into the osascript command block without any sanitization or escaping. This allows a malicious actor to break out of the string literal and execute arbitrary shell commands on the host system using the AppleScript do shell script function. For example, a payload in the to parameter like dummy" & (do shell script "whoami") & " would execute the command.
  • [DATA_EXFILTRATION]: The skill's primary function is to send messages to external phone numbers or email addresses. While this is its intended purpose, it creates a significant exfiltration vector. An agent or a malicious prompt could use this tool to transmit sensitive files, credentials, or environment variables to an external destination controlled by an attacker.
  • [DATA_EXFILTRATION]: The script reads input parameters from stdin without filtering, which can include sensitive content generated or retrieved by the agent in previous steps.
  • [COMMAND_EXECUTION]: While the MESSAGE variable undergoes basic sed escaping for double quotes and backslashes, this does not fully mitigate the risk of specialized AppleScript injection or logic manipulation within the tell application block.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Apr 11, 2026, 10:47 AM