apple-notes
Warn
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: MEDIUM
Categories: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the `memo` CLI utility from a third-party Homebrew tap (antoniorodr/memo/memo). This source is a personal repository and is not associated with a trusted organization or well-known service, posing a potential supply chain risk.
- [COMMAND_EXECUTION]: The skill executes shell commands using the `memo` binary to manage notes. This allows the agent to create, list, search, and delete data within the user's macOS environment.
- [DATA_EXFILTRATION]: The skill accesses sensitive personal information stored in Apple Notes. While no external network destination is explicitly defined in the instructions, the access to local private data presents a significant exposure risk if the agent is compromised.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted data from Apple Notes.
  - Ingestion points: Note content retrieved via `memo notes` commands.
  - Boundary markers: None identified in the prompt instructions to distinguish note content from system commands.
  - Capability inventory: Shell command execution via the `memo` CLI.
  - Sanitization: None described in the skill instructions to filter or escape note content before processing.
Audit Metadata