Skills
skills/firecrawl/openclaw/bear-notes/Gen Agent Trust Hub

bear-notes

Warn

Audited by Gen Agent Trust Hub on Apr 18, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs the grizzly CLI utility from a third-party GitHub repository (github.com/tylerwince/grizzly) using the go install command during its setup phase.
  • [COMMAND_EXECUTION]: The skill executes the grizzly binary to perform operations on the host system and interact with the Bear application.
  • [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it retrieves note content from the Bear application which is then processed by the agent.
  • Ingestion points: Output of the grizzly open-note and grizzly open-tag commands.
  • Boundary markers: No specific delimiters or instructions to ignore embedded commands are present in the documentation.
  • Capability inventory: The skill allows the agent to create, read, and modify notes within the Bear application.
  • Sanitization: There is no evidence of sanitization or validation of the note content before it is processed by the agent.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 18, 2026, 12:42 PM