apple-reminders
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions to install the 'remindctl' utility via a third-party Homebrew tap ('steipete/tap/remindctl'). This is a standard method for distributing macOS command-line tools.
- [COMMAND_EXECUTION]: The skill uses the 'remindctl' binary to perform operations such as listing, adding, and deleting reminders. These operations are restricted to the local system and require user-granted macOS permissions for Reminders access.
- [PROMPT_INJECTION]: The skill processes user-generated content (reminder titles and notes), which creates a surface for indirect prompt injection. If a reminder contains instructions intended to manipulate the agent, they could be processed as part of the task management workflow.
- Ingestion points: Reminder data retrieved via 'remindctl' commands like 'today', 'all', or 'list'.
- Boundary markers: Absent; reminder content is processed directly.
- Capability inventory: Command execution via 'remindctl' CLI.
- Sanitization: Not present; the skill assumes the content of reminders is benign.
Audit Metadata