apple-reminders
Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the
remindctlbinary to interact with the macOS Reminders database, performing actions like listing, creating, and deleting tasks. - [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of the
remindctltool using Homebrew from a third-party repository (steipete/tap/remindctl). - [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it reads and processes user-controlled data (reminder titles and notes) through the
remindctlcommand output. - Ingestion points: Data enters the agent's context through the output of commands like
remindctl todayorremindctl all. - Boundary markers: No specific delimiters or safety instructions are used to distinguish reminder content from system instructions.
- Capability inventory: The agent can execute shell commands (
remindctl) and potentially other available tools based on the extracted data. - Sanitization: There is no evidence of sanitization or validation of the content retrieved from the reminders before it is processed by the agent.
Audit Metadata