things-mac
Warn
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the
things3-clitool directly from a third-party GitHub repository (github.com/ossianhempel/things3-cli) using thego installcommand during the installation phase. - [COMMAND_EXECUTION]: The skill executes the
thingsCLI tool to perform various operations such as searching, listing, and updating tasks, which involves reading the local application database. - [CREDENTIALS_UNSAFE]: The documentation mentions the use of an environment variable
THINGS_AUTH_TOKENto authenticate write operations, which involves managing sensitive tokens locally. - [PROMPT_INJECTION]: The skill ingests untrusted data from the user's local Things 3 database (such as task titles and notes). This represents an indirect prompt injection surface if those fields contain instructions that the agent might inadvertently obey when processing the data.
Audit Metadata