apple-notes
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- Unverifiable Dependencies (LOW): The skill installs the 'memo' binary from a third-party Homebrew tap ('antoniorodr/memo/memo'). This source is not on the trusted organizations list. The severity is adjusted to LOW from MEDIUM as the dependency is essential for the skill's primary stated purpose.\n- Indirect Prompt Injection (LOW): The skill ingests untrusted data from Apple Notes, creating an attack surface.\n
- Ingestion points: Note content retrieved via 'memo notes' and 'memo notes -s "query"'.\n
- Boundary markers: Absent. No instructions or delimiters are provided to the agent to distinguish note content from system instructions.\n
- Capability inventory: Execution of 'memo' CLI for creating, viewing, editing, and deleting notes.\n
- Sanitization: Absent. Data from notes is processed directly by the agent.\n- Command Execution (SAFE): The skill executes the 'memo' CLI tool to interact with the local Apple Notes database on macOS, which matches the intended functionality.
Audit Metadata