skills/steipete/clawdis/things-mac/Gen Agent Trust Hub

things-mac

Warn

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs the things3-cli tool directly from a third-party GitHub repository (github.com/ossianhempel/things3-cli) using the go install command during the installation phase.
  • [COMMAND_EXECUTION]: The skill executes the things CLI tool to perform various operations such as searching, listing, and updating tasks, which involves reading the local application database.
  • [CREDENTIALS_UNSAFE]: The documentation mentions the use of an environment variable THINGS_AUTH_TOKEN to authenticate write operations, which involves managing sensitive tokens locally.
  • [PROMPT_INJECTION]: The skill ingests untrusted data from the user's local Things 3 database (such as task titles and notes). This represents an indirect prompt injection surface if those fields contain instructions that the agent might inadvertently obey when processing the data.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 17, 2026, 05:38 PM
Security Audit — agent-trust-hub — things-mac