The Agent Skills Directory

[SAFE]: The skill queries the local iMessage database located at ~/Library/Messages/chat.db. Although this database contains sensitive personal message history, accessing it is the primary stated purpose of the skill. The requirement for Full Disk Access is transparently documented.
[EXTERNAL_DOWNLOADS]: The skill utilizes the pytypedstream Python package for decoding Apple's NSAttributedString binary blobs. This is a legitimate third-party dependency required for the core functionality, and the script provides tiered fallbacks if the package is not installed.
[COMMAND_EXECUTION]: The skill provides various sqlite3 and python3 commands for the agent to execute in the terminal. These commands are used solely for database interrogation and data retrieval. They are well-documented and parameterised to avoid injection risks.
[PROMPT_INJECTION]: As the skill ingests and processes untrusted data (incoming text messages) from chat.db, it possesses a surface for indirect prompt injection. However, the skill lacks capabilities that could be triggered by such content (e.g., no network exfiltration or destructive file operations), and the ingested data is treated as passive string content.

imessage-query