note-automation
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local JavaScript scripts (
publish.mjsandnote-publish.mjs) using Node.js to perform the primary automation logic. These scripts are invoked with arguments derived from user input or previous step outputs. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes external, untrusted Markdown files to extract content and tags.
- Ingestion points: The skill reads the content of local Markdown files provided by the user via the
path/to/article.mdargument. - Boundary markers: No explicit boundary markers or 'ignore' instructions are provided to the agent for the content being processed.
- Capability inventory: The skill has the capability to execute shell commands and perform web-based automation via Node.js scripts.
- Sanitization: There is no evidence of content sanitization or validation of the frontmatter tags before they are passed as arguments to the execution scripts.
Audit Metadata