icloud-pp-cli

Warn

Audited by Gen Agent Trust Hub on May 28, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs users to download and install a CLI binary from external sources. It provides commands for installation via NPM (@mvanhorn/printing-press-library) and Go (github.com/mvanhorn/printing-press-library/...).- [DATA_EXFILTRATION]: Accesses highly sensitive local databases including ~/Library/Messages/chat.db for iMessage history and the Photos library database (Photos.sqlite). While the skill documentation claims no network calls are made, the tool provides functionality to export this sensitive data to local files (e.g., /tmp/chat.json).- [PROMPT_INJECTION]: The skill ingests untrusted data from external sources including iMessage bodies and photo metadata. It lacks explicit boundary markers or sanitization instructions for this content, creating an indirect prompt injection surface. Evidence: Ingestion occurs via messages search and messages export subcommands in SKILL.md. Capabilities include file deletion and data export. No sanitization or boundary markers are defined.- [COMMAND_EXECUTION]: The skill executes various subcommands through the icloud-pp-cli binary, including the use of AppleScript to delete items from the user's Photos library and shell commands to search and export private databases.- [PROMPT_INJECTION]: There is a metadata discrepancy between the Go module path defined in the frontmatter (github.com/matysanchez/icloudcli/...) and the manual installation instructions in the markdown body (github.com/mvanhorn/printing-press-library/...), which could lead to the installation of inconsistent or unverified software.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 28, 2026, 05:48 PM
Security Audit — agent-trust-hub — icloud-pp-cli