apple-notes
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious patterns or security vulnerabilities were detected. The skill performs its stated function of reading Apple Notes using standard macOS system tools.
- [COMMAND_EXECUTION]: The skill uses osascript to execute AppleScript commands for interacting with the macOS Notes application. This is the intended and standard mechanism for the skill's purpose.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it ingests untrusted content from the user's Apple Notes.
  - Ingestion points: Note content is retrieved and displayed by scripts/read-note.sh and scripts/search-notes.sh.
  - Boundary markers: None present to isolate note content.
  - Capability inventory: The skill is limited to read-only operations via AppleScript; it lacks network access or write permissions.
  - Sanitization: No sanitization or escaping is performed on the retrieved note data before it is presented to the agent.
Audit Metadata