OmniFocus

Security checks across malware telemetry and agentic risk

Overview

This OmniFocus skill does what it says, but it can read task notes and make user-directed task changes, so users should confirm matches before changing tasks.

Install only if you want the agent to read and manage your OmniFocus tasks. Ask it to list matching tasks before completing or updating anything, and be careful with sensitive information in task notes because list and search results can expose those notes to the agent.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 84%
Finding
The guide documents a state-changing completion action and notes that it completes the first name match, but it does not adequately warn that ambiguous task names can cause unintended data changes. In an agent-driven context, this can lead to silent completion of the wrong task, causing loss of task visibility and workflow integrity.

Missing User Warnings

Medium
Confidence: 88%
Finding
The script serializes and returns task notes, project names, tags, due dates, and stable task IDs for every matched OmniFocus task without any data-minimization, redaction, or user-facing notice. OmniFocus notes often contain sensitive personal or business information, so broad export of this metadata to the calling agent increases the risk of unintended disclosure beyond what is necessary to answer a user query.

VirusTotal

64/64 vendors flagged this skill as clean.