evernote-sdk-patterns

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill contains legitimate documentation and implementation patterns for the Evernote SDK in Node.js. It covers common operations such as note search, metadata retrieval, pagination, and error handling.
  • [SAFE]: No hardcoded credentials, malicious network operations, or obfuscated patterns were found. External links point to official Evernote developer documentation and standard resources.
  • [COMMAND_EXECUTION]: Pattern 5 in SKILL.md demonstrates the use of fs.readFileSync to read local files for the purpose of creating note attachments. This is a standard and expected functional use of file system access within the context of the Evernote SDK's capabilities.
  • [PROMPT_INJECTION]: The skill facilitates the ingestion of external data from Evernote notes, which constitutes an indirect prompt injection surface.
      • Ingestion points: Retrieval of note titles, metadata, and content via findNotesMetadata and getNote in SKILL.md.
      • Boundary markers: The provided code snippets do not implement specific boundary markers or instructions for the agent to ignore instructions embedded within note data.
      • Capability inventory: The skill is configured with tools for Reading, Writing, and Editing, and demonstrates file read access for resource handling.
      • Sanitization: No explicit sanitization or validation of note content is present in the provided implementation examples.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 12, 2026, 05:51 PM