evernote-hello-world
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is purely instructional, providing templates for basic Evernote API operations such as creating, listing, and retrieving notes.
- [CREDENTIALS_UNSAFE]: No hardcoded credentials were detected. The code correctly demonstrates retrieving the
EVERNOTE_ACCESS_TOKENfrom environment variables (process.envin Node.js andos.environin Python). - [EXTERNAL_DOWNLOADS]: The skill references the standard
evernoteSDKs for Node.js and Python. These are well-known, legitimate libraries for interacting with the Evernote service. - [COMMAND_EXECUTION]: There are no instances of arbitrary command execution or suspicious subprocess spawning.
- [DATA_EXFILTRATION]: Network operations are restricted to standard Evernote API calls via the official SDKs to known Evernote endpoints.
- [PROMPT_INJECTION]: No malicious instructions or bypass attempts directed at the AI agent were found.
Audit Metadata