fastnote-cli-operator
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection surface detected. * Ingestion points: The create and update commands in scripts/fastnote_cli.py accept arbitrary strings for note title, content, and tags. * Boundary markers: The agent is instructed to format responses with a summary and a json block which provides structural separation, but no explicit ignore instructions delimiters are used for the note content itself. * Capability inventory: The skill performs local file system operations (SQLite database) and executes the bundled Python script scripts/fastnote_cli.py. * Sanitization: The script correctly uses parameterized SQL queries to prevent traditional SQL injection, but does not perform sanitization on the natural language content stored within the notes.
- [COMMAND_EXECUTION]: The skill executes a bundled Python script scripts/fastnote_cli.py to perform note operations. The script uses only standard library modules and operates on a local SQLite database in the user's application data directory.
Audit Metadata