macos-contacts
Pass
Audited by Gen Agent Trust Hub on May 1, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local shell scripts and AppleScript commands to interact with Contacts.app.
  - Uses `osascript` to run internal backend scripts from the `scripts/applescripts/contact/` directory.
  - Employs `do shell script` within AppleScript for string normalization (e.g., in `get.applescript`), utilizing `quoted form of` to safely handle input strings.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted data from the user's address book.
  - Ingestion points: Contact fields (names, emails, notes) are read in `scripts/applescripts/contact/get.applescript`, `scripts/applescripts/contact/list.applescript`, and `scripts/applescripts/contact/search.applescript`.
  - Boundary markers: Absent; contact data is returned as plain strings within JSON fields without explicit delimiters for the agent.
  - Capability inventory: The agent can modify or delete user data via `scripts/commands/contact/add.sh`, `scripts/commands/contact/edit.sh`, and `scripts/commands/contact/delete.sh`.
  - Sanitization: Implements `jsonEscape` for output data formatting and `quoted form of` for internal shell command execution within AppleScript.
- [SAFE]: No malicious patterns, such as hardcoded credentials, unauthorized network exfiltration, or obfuscated code, were detected. All external resource patterns trace back to the vendor's expected infrastructure.
Audit Metadata