skills/jeremylongshore/claude-code-plugins-plus-skills/evernote-migration-deep-dive/Gen Agent Trust Hub
evernote-migration-deep-dive
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes dynamic context injection in
SKILL.mdvia the!npm list 2>/dev/null | head -5command. This command executes silently when the skill is loaded. While the current command is benign (listing installed packages), this mechanism can be abused for unauthorized command execution if modified. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted data from Evernote notes.
- Ingestion points: Note content is retrieved via
noteStore.getNote()inreferences/implementation-guide.mdand converted to Markdown. - Boundary markers: No explicit delimiters or instructions are used to prevent the agent from obeying instructions embedded within the migrated notes.
- Capability inventory: The agent has access to powerful tools including
Write,Edit, andBash, which could be exploited if a note contains malicious instructions. - Sanitization: The
enmlToMarkdownfunction performs structural conversion using regular expressions but does not sanitize the text for potentially malicious natural language instructions.
Audit Metadata