skills/tdhopper/dotfiles2.0/omnifocus/Gen Agent Trust Hub

omnifocus

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the @stephendolan/omnifocus-cli package from the npm registry to provide its core functionality.
  • [COMMAND_EXECUTION]: The skill operates by executing shell commands ("of") to interact with the local OmniFocus application and utilizes jq for processing JSON output.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes task names, notes, and project metadata which could contain malicious instructions if the OmniFocus database is populated from untrusted external sources like email or shared projects.
      • Ingestion points: Data is ingested through the "of task list", "of task view", "of search", and "of inbox list" commands in SKILL.md.
      • Boundary markers: No explicit boundary markers or instructions are provided to the agent to treat data from the database as untrusted content.
      • Capability inventory: The skill possesses the capability to execute shell commands and process system data.
      • Sanitization: There is no evidence of sanitization or content validation performed on the strings retrieved from OmniFocus before they are used in the agent's context.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 29, 2026, 11:46 PM