medication-tracker
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches drug labeling information from the official U.S. FDA OpenFDA API (api.fda.gov), which is a well-known and trusted government service for public health data.
- [COMMAND_EXECUTION]: Uses standard system utilities like mkdir and cat to store and manage medication schedules in a local directory within the user's home folder.
- [COMMAND_EXECUTION]: Employs osascript to trigger system-level notifications for medication reminders, which is consistent with its primary purpose as a tracker.
- [REMOTE_CODE_EXECUTION]: The automated alert regarding remote code execution is a false positive. The skill pipes JSON data from an external API into a hardcoded, local Python script used exclusively for formatting and displaying the data. No remote code is downloaded or executed.
Audit Metadata