Skills
skills/bighardperson/computer-science-skills-collection/things-mac/Gen Agent Trust Hub

things-mac

Warn

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill executes a remote download and installation of a binary from a third-party GitHub repository. Evidence: GOBIN=/opt/homebrew/bin go install github.com/ossianhempel/things3-cli/cmd/things@latest in SKILL.md.
  • [COMMAND_EXECUTION]: The skill relies on a custom CLI tool to perform system operations and modify application data. Evidence: Multiple commands using the things binary to read and write data, such as things inbox and things add.
  • [DATA_EXFILTRATION]: The skill accesses sensitive local database files containing personal task information and requests high-level system permissions. Evidence: Instructions to grant Full Disk Access to read the ThingsData-* folder in SKILL.md.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 16, 2026, 11:23 AM
Security Audit — agent-trust-hub — things-mac