Skills
skills/termix-official/cryptoclaw/things-mac/Gen Agent Trust Hub

things-mac

Warn

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs the things3-cli tool from a third-party GitHub repository (github.com/ossianhempel/things3-cli) using the go install command. This involves downloading and installing software from a source that is not part of the established trusted vendor list.
  • [COMMAND_EXECUTION]: Utilizes the things CLI to perform read and write operations on the local Things 3 database, which involves executing system commands.
  • [PROMPT_INJECTION]: The skill processes data from the local Things 3 database, creating a surface for indirect prompt injection.
  • Ingestion points: The skill reads task titles, notes, and project data via things search and listing commands in SKILL.md.
  • Boundary markers: No delimiters or instructions are used to separate retrieved database content from agent instructions.
  • Capability inventory: The skill can write and update database entries using things add and things update as documented in SKILL.md.
  • Sanitization: Content from the database is processed without escaping or validation to prevent malicious instructions from influencing agent logic.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 30, 2026, 12:15 AM
Security Audit — agent-trust-hub — things-mac