evernote-cost-tuning

Pass

Audited by Gen Agent Trust Hub on Mar 20, 2026

Risk Level: SAFE

Findings: PROMPT_INJECTION

Full Analysis
  • [PROMPT_INJECTION]: The skill retrieves and processes note metadata and content from Evernote (e.g., within the findPotentialDuplicates and findLargeNotes services). This exposure to external, untrusted data creates a surface for indirect prompt injection, where malicious content stored in Evernote could attempt to influence the agent's logic during reporting or optimization tasks.
    • Ingestion points: Evernote note metadata (titles, sizes, update timestamps) and note content are ingested via the Evernote SDK in references/implementation-guide.md.
    • Boundary markers: No explicit delimiters or boundary markers are implemented to separate external data from system instructions.
    • Capability inventory: The skill possesses the capability to create and edit notes, as indicated by the createNote function and the allowed-tools configuration (Read, Write, Edit).
    • Sanitization: While the skill uses wrapENML to structure content into Evernote's XML format, it does not perform sanitization or filtering to prevent the execution of instructions embedded within note content.
  • [EXTERNAL_DOWNLOADS]: The implementation guide references the installation and usage of the evernote SDK and the sharp image processing library. These are well-known and standard dependencies for Evernote integrations and image optimization respectively.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 20, 2026, 05:58 AM