Skills
skills/trtmn/agent-skills/imsg/Gen Agent Trust Hub

imsg

Warn

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: MEDIUMDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: Accesses the sensitive macOS Messages database at '~/Library/Messages/chat.db'. This file contains the user's complete text message history and private contact information.
  • [COMMAND_EXECUTION]: Executes the 'imsg' CLI tool to interact with the system's Messages database and send messages.
  • [PROMPT_INJECTION]: Vulnerable to indirect prompt injection through the retrieval of external message content. • Ingestion points: Untrusted message text is ingested via the 'history' and 'watch' commands. • Boundary markers: Absent. No delimiters or instructions are provided to distinguish message content from system instructions. • Capability inventory: The skill has the capability to send messages ('imsg send') and read history. • Sanitization: No sanitization or filtering of incoming message content is performed before processing.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 24, 2026, 06:31 PM