evernote-core-workflow-a
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or significant security vulnerabilities were detected. The skill follows established patterns for secure API integration.\n- [EXTERNAL_DOWNLOADS]: The skill utilizes the official
evernoteNode.js package and references documentation from Evernote's official developer portal, which are well-known and trusted sources.\n- [PROMPT_INJECTION]: The skill is designed to handle untrusted data safely. Evidence: (1) Ingestion points: ThecreateNoteandcreateHtmlNotemethods inreferences/implementation-guide.mdaccept external content. (2) Boundary markers: Content is wrapped within structured ENML (<en-note>) tags. (3) Capability inventory: The skill performs authorized Evernote API operations. (4) Sanitization: ThehtmlToENMLfunction inreferences/implementation-guide.mdremoves dangerous elements such as<script>,<form>, and<iframe>along with event handler attributes to mitigate injection risks.
Audit Metadata