apple-reminders
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE | EXTERNAL_DOWNLOADS | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install an external command-line tool via a third-party Homebrew tap (`brew install steipete/tap/remindctl`). This is a standard way to acquire specialized macOS system utilities, though it introduces a dependency on external code hosted on GitHub.
- [COMMAND_EXECUTION]: The skill relies on executing shell commands with the `remindctl` binary to perform reminder operations such as listing, adding, completing, and deleting tasks. These commands are consistent with the skill's primary purpose.
- [PROMPT_INJECTION]: The skill reads user-controlled reminder data into the agent's context, creating an indirect prompt injection surface.
  - Ingestion points: Reminder content enters the context via `remindctl today` and `remindctl list` commands described in `SKILL.md`.
  - Boundary markers: The instructions do not define any delimiters or system instructions to disregard potential commands embedded within reminder text.
  - Capability inventory: The skill has the capability to execute shell commands and modify the local Reminders database.
  - Sanitization: There is no mention of sanitizing or escaping the content of reminders before they are presented to or processed by the AI agent.
Audit Metadata