healthkit-cli

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
Categories: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill repeatedly calls bunx apple-health. This tool automatically fetches and executes the apple-health package from the npm registry. The package is not authored by a trusted organization on the approved list, making it an unverifiable dependency.
  • [REMOTE_CODE_EXECUTION] (MEDIUM): Using package runners like bunx or npx with arbitrary packages allows for the execution of remote code on the local system, which is a common vector for supply chain attacks.
  • [COMMAND_EXECUTION] (LOW): The skill provides numerous commands for interacting with highly sensitive HealthKit data (heart rate, sleep, symptoms) via a command-line interface, though these appear to be the primary intended function.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 17, 2026, 06:45 PM