Skills
skills/insight68/skills/apple-notes/Gen Agent Trust Hub

apple-notes

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs the memo utility from a third-party Homebrew tap (antoniorodr/memo/memo) which is not associated with a trusted vendor.
  • [COMMAND_EXECUTION]: The skill relies on executing system commands using the memo binary to perform CRUD operations on the user's Apple Notes.
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by reading untrusted content from Apple Notes into the agent's context.
  • Ingestion points: Note content retrieved via memo notes and memo notes -s as described in SKILL.md.
  • Boundary markers: No delimiters or protective instructions are provided to the agent to treat note content as untrusted data.
  • Capability inventory: The skill can create, edit, delete, and move notes using CLI subprocess calls.
  • Sanitization: There is no evidence of sanitization or filtering of the note content before processing.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 28, 2026, 08:21 PM