bear-notes
Warn
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches and installs the grizzly CLI tool from its official GitHub repository (github.com/tylerwince/grizzly) using the Go package manager.
- [COMMAND_EXECUTION]: Executes shell commands to create, read, and manage notes within the Bear application via the grizzly utility.
- [CREDENTIALS_UNSAFE]: Accesses the sensitive local file path ~/.config/grizzly/token to retrieve the Bear API authentication token required for certain operations.
- [PROMPT_INJECTION]: The skill ingests and processes data from external Bear notes, which could contain indirect prompt injections.
  - Ingestion points: grizzly open-note, grizzly tags.
  - Boundary markers: Absent.
  - Capability inventory: Command execution via grizzly for note manipulation.
  - Sanitization: None detected.