apple-notes
Warn
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to install the
memotool from a third-party Homebrew tap (antoniorodr/memo). This source is not part of the trusted vendors list or a well-known service organization. - [COMMAND_EXECUTION]: The skill relies on shell command execution to function, using various
memosubcommands to interact with the operating system and the Apple Notes application. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its ability to read and search untrusted user data in Apple Notes. Ingestion points: searching and viewing notes (
memo notes -s). Boundary markers: None. Capability inventory: shell command execution via thememoCLI. Sanitization: None specified in the skill code.
Audit Metadata