apple-reminders

Pass

Audited by Gen Agent Trust Hub on Jul 13, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill is a legitimate utility for managing Apple Reminders on macOS via the remindctl CLI tool. All code and build scripts are authored by the vendor and trace back to verified infrastructure.
  • [COMMAND_EXECUTION]: The tool executes system commands such as sqlite3 for diagnostics and uses the NSWorkspace API to open URLs. The repository's build scripts also execute shell and Python commands for automation.
  • [EXTERNAL_DOWNLOADS]: The project's release scripts use the GitHub API to download assets, and the skill instructions suggest installing the tool via Homebrew. These downloads originate from trusted or well-known vendor sources.
  • [DATA_EXFILTRATION]: Access to Reminders data is a core feature of the skill. No unauthorized data exfiltration or transmission to untrusted domains was detected.
  • [PROMPT_INJECTION]: Reminder data is ingested from the system, which is a potential surface for indirect injection. However, the agent's instructions are limited to data management, and the risk is further mitigated by the tool's built-in protections against CSV injection.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 13, 2026, 10:13 AM
Security Audit — agent-trust-hub — apple-reminders