remnote-bridge
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE COMMAND_EXECUTION EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill manages a local daemon process to facilitate communication between the agent and the RemNote application. This includes starting a WebSocket server and a configuration server on local loopback addresses (127.0.0.1). It also launches a browser instance (Chrome) for authentication during the setup phase. These operations are transparently documented as core components of the bridge's functionality.
- [EXTERNAL_DOWNLOADS]: The CLI tool includes logic to automatically manage its own dependencies, particularly when running in developer mode where it may install Node.js packages for the RemNote plugin. These downloads are associated with the vendor's own infrastructure and the official npm registry, categorized as functional environment management.
- [PROMPT_INJECTION]: The instructions contained within the skill files define operational boundaries and guide the agent on how to correctly translate natural language into CLI commands. These do not constitute malicious injection as they are aimed at ensuring technical accuracy and API compliance rather than bypassing safety filters.
- [DATA_EXFILTRATION]: Network activity is restricted to local communication (localhost/127.0.0.1) and interactions with the official RemNote platform. There is no evidence of sensitive data being transmitted to unauthorized third-party servers.
- [INDIRECT_PROMPT_INJECTION]: As the skill reads content from a user's RemNote database, it technically has an ingestion surface for indirect prompt injection. However, the tool uses highly structured output formats (JSON and Markdown) and distinct metadata markers (e.g., HTML comments for Rem IDs) to help the AI agent distinguish between data and control instructions. The risk is assessed as LOW and is inherent to the tool's purpose.
- [SAFE]: The skill demonstrates high security standards by implementing multi-layered verification for all write operations, ensuring that the agent only modifies data it has previously read and that matches the expected state.