Trust Assessment
imsg received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 3 high, 0 medium, and 0 low severity. The key findings are "Skill can read sensitive personal communications"; "Skill can send arbitrary files from the filesystem"; and "Requires Full Disk Access, granting broad filesystem read capabilities".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 18, 2026 (commit b62bd290). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Skill can read sensitive personal communications.** The `imsg` skill provides commands (`imsg chats`, `imsg history`, `imsg watch`) that directly access and display private iMessage and SMS conversations, including message content, participant details, and attachments. This is the intended functionality of the skill but represents a high risk for data exfiltration if the agent is compromised or misused, as it can expose highly sensitive personal data. Implement strict user confirmation prompts before executing commands that retrieve message history or chat details. Ensure the agent's internal policies prevent logging or storing sensitive message content retrieved by this skill. Consider redacting sensitive information in logs. | LLM | SKILL.md:35 |
| HIGH | **Skill can send arbitrary files from the filesystem.** The `imsg send --file /path/to/image.jpg` command allows the agent to send any specified file as an attachment via iMessage/SMS. Combined with the 'Full Disk Access' requirement, this creates a direct vector for exfiltrating sensitive files from the user's system if the agent is prompted to send a malicious or unauthorized file. Implement strict user confirmation prompts for *any* file attachment, explicitly showing the full path of the file to be sent. Validate file paths to ensure they are within expected user directories and not system-critical files or directories. Implement allow-lists for file types if possible. | LLM | SKILL.md:53 |
| HIGH | **Requires Full Disk Access, granting broad filesystem read capabilities.** The skill explicitly states a requirement for 'Full Disk Access for terminal'. This permission grants the `imsg` binary (and any process executing it) the ability to read any file on the user's macOS system. While potentially necessary for some functionalities (e.g., accessing Messages.app's internal data or user-specified files for sending), it significantly broadens the attack surface and increases the impact of a potential compromise, allowing unauthorized access to sensitive user data beyond just messages. If possible, explore alternative methods that require more granular permissions instead of Full Disk Access. If unavoidable, ensure the agent's execution environment is highly sandboxed and that all interactions requiring file access are subject to explicit user confirmation and strict policy enforcement. Regularly review the necessity of this broad permission. | LLM | SKILL.md:20 |