Skills
skills/kristenschumann/claude-skills/time-audit/Gen Agent Trust Hub

time-audit

Warn

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: MEDIUMDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill accesses and reads highly sensitive private data files for its primary function.
  • Accesses the macOS Screen Time database at ~/Library/Application Support/Knowledge/knowledgeC.db, which contains a detailed history of application usage.
  • Accesses Google Chrome history databases across all profiles located at ~/Library/Application Support/Google/Chrome/*/History, exposing full browsing history.
  • Extracts user email addresses from Chrome Preferences files using a Python script to label different browser profiles.
  • [COMMAND_EXECUTION]: The skill relies on multiple shell commands to extract and manipulate system data.
  • Uses sqlite3 to perform complex queries on private application and system databases.
  • Uses python3 -c to execute inline scripts for parsing JSON data from Chrome configuration files.
  • Uses cp to copy sensitive database files to the /tmp directory for processing.
  • Uses find to scan the filesystem for browser history files.
  • [COMMAND_EXECUTION]: The skill explicitly instructs the user to grant "Full Disk Access" to the Terminal in System Settings. While necessary for the stated functionality, this privilege allows the agent (and any other process in that terminal) to bypass macOS privacy protections for all user data.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 2, 2026, 03:11 PM