omnifocus-triage

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the `of` CLI tool and `jq` to perform read and write operations on the local OmniFocus database, including listing inbox items, projects, and tags, as well as updating or deleting specific tasks.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes task names and metadata from OmniFocus, creating an attack surface where malicious content in a task could attempt to influence agent behavior.
  • Ingestion points: Untrusted data enters the context from the `of inbox list` command output.
  • Boundary markers: There are no explicit delimiters or instruction-guarding markers used when the agent processes the retrieved task names.
  • Capability inventory: The skill can execute task modifications and deletions via the `of task update` and `of task delete` CLI commands.
  • Sanitization: No explicit sanitization or validation of the fetched task strings is performed prior to their use in subsequent shell commands or user-facing questions, though the interactive nature of the workflow (requiring user confirmation) provides a manual checkpoint.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 29, 2026, 11:46 PM