macos-reminders

BENIGN in purpose and data flow, but elevated to high security risk by dependency trust: the skill is tightly aligned with macOS Reminders and shows no credential harvesting or exfiltration, yet it requires an external `remindctl` binary whose provenance is not established in the skill documentation. That makes this more suspicious from a supply-chain standpoint than from malicious-behavior standpoint.