We checked this and rejected it (privacy)

Family Assistant Skill: why it is not safe to use

Family Assistant Skill passed our security scan; the one caveat is a privacy one: by design it stores highly sensitive personal data in local files.

What we found

Our automated review of `ericporres/family-assistant-skill` cleared every security check. We found no hidden or adversarial instructions, no network calls or external endpoints, no embedded secrets, no executable scripts or shell commands, no obfuscated payloads, and no remote fetches. The skill is plain, human-readable markdown that keeps all reference data in local files.

One finding is worth flagging for privacy. By design, this skill invites you to store highly sensitive information (such as Social Security numbers, medical details, and banking data) in local markdown files. The skill helps by masking values to the last four digits, but the underlying data still sits in plain files at rest on your device.

What to do instead

If you use this skill, treat those files as you would any sensitive record: keep them on encrypted storage, limit who and what can read the folder, avoid syncing them to shared or cloud locations unintentionally, and remove entries you no longer need.

Want the same outcome, safely? Use our checked skill instead.

Source: https://github.com/ericporres/family-assistant-skill

We report what our security review found at the time we checked, with the goal of keeping people safe. Projects change; if a maintainer has since fixed this, we are glad to recheck it. Email hello@agentpod.com.
