apple-reminders

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the remindctl binary to interact with the macOS Reminders database, performing actions like listing, creating, and deleting tasks.
  • [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of the remindctl tool using Homebrew from a third-party repository (steipete/tap/remindctl).
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it reads and processes user-controlled data (reminder titles and notes) through the remindctl command output.
  • Ingestion points: Data enters the agent's context through the output of commands like remindctl today or remindctl all.
  • Boundary markers: No specific delimiters or safety instructions are used to distinguish reminder content from system instructions.
  • Capability inventory: The agent can execute shell commands (remindctl) and potentially other available tools based on the extracted data.
  • Sanitization: There is no evidence of sanitization or validation of the content retrieved from the reminders before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 23, 2026, 06:06 AM
Security Audit — agent-trust-hub — apple-reminders