anki-connect
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- Prompt Injection (SAFE): No instructions attempt to override agent constraints or extract system prompts. The instructions are strictly focused on API interaction and safety protocols.
- Data Exposure & Exfiltration (SAFE): Network operations are restricted to the local loopback address (127.0.0.1). No sensitive local file paths are accessed, and no hardcoded credentials are present.
- Obfuscation (SAFE): The file contains clear, readable markdown and standard bash commands. No Base64, zero-width characters, or encoding tricks were detected.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The skill relies on standard system utilities (curl and jq). It does not download external scripts or packages from the internet.
- Privilege Escalation (SAFE): No commands require sudo or attempt to modify system-level permissions.
- Persistence Mechanisms (SAFE): The skill does not attempt to create cron jobs, modify shell profiles, or establish startup persistence.
- Indirect Prompt Injection (SAFE): While the skill reads data from a local database (Anki), it implements a strict 'Safety and Confirmation Policy' that requires human-in-the-loop verification for all state-changing operations, mitigating risks from potentially malicious note content.
- Command Execution (SAFE): The skill uses structured JSON generation with jq to interact with a local API. This is the intended purpose of the skill and is implemented using best practices to avoid shell injection.