note-publish
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
COMMAND_EXECUTION, CREDENTIALS_UNSAFE, NO_CODE
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on executing shell commands to run local Node.js scripts (`scripts/note-publish.mjs` and `scripts/inspect-editor.mjs`) for browser automation tasks.
- [CREDENTIALS_UNSAFE]: Documentation explicitly instructs the use of a `.env` file for storing note.com authentication credentials. While this is a standard practice, it highlights the skill's reliance on sensitive user secrets.
- [NO_CODE]: Several critical components of the skill, including the main execution scripts (`scripts/note-publish.mjs`, `scripts/inspect-editor.mjs`) and the selector library (`lib/selectors.mjs`), are referenced but not included in the source for analysis.
- [DATA_EXPOSURE]: The skill accepts a file path via the `--md` argument to read content from the local file system. This allows the agent to ingest data from external files, which could lead to unintended data exposure if the path is not properly validated.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by processing external Markdown files to extract metadata (tags).
  - Ingestion points: Local file system via the `--md` parameter.
  - Boundary markers: No specific delimiters or safety warnings for the agent are defined to distinguish between file data and instructions.
  - Capability inventory: Shell command execution, local file system read access, and network operations through browser automation.
  - Sanitization: No sanitization or validation logic for the input file content is described.