remnote-bridge
Warn
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: MEDIUM; EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The `install-skill` command in `instructions/install-skill.md` utilizes `npx skills add` to fetch and install the skill from the author's npm/GitHub repository (`baobao700508/unofficial-remnote-bridge-cli`).
- [REMOTE_CODE_EXECUTION]: The skill manages 'addons' (extensions) through the `addon` command (`instructions/addon.md`), such as `remnote-rag`, which are separate components installed at runtime. Furthermore, the `connect --dev` mode automatically installs Node.js dependencies for the plugin.
- [COMMAND_EXECUTION]: The skill performs various shell operations to manage the lifecycle of the bridge, including starting/stopping a background daemon, executing `npx` for installation, and using system commands like `kill` or `taskkill` during the `clean` process to terminate residual processes.
- [DATA_EXPOSURE]: The `setup` command (`instructions/setup.md`) manages a local Chrome profile in `~/.remnote-bridge/chrome-profile` to store RemNote authentication sessions and cookies, which are then reused by the headless connection mode.
- [INDIRECT_PROMPT_INJECTION]: The skill ingests untrusted data from the user's RemNote knowledge base via `read-rem`, `read-tree`, and `search` operations. This data is processed in the agent's context and can influence future actions. The skill lacks explicit boundary markers or sanitization instructions for this external content, while possessing powerful capabilities like `edit-rem`, `edit-tree`, and `clean` which could be abused if malicious instructions are present in the notes.
Audit Metadata