evernote-core-workflow-a

Pass

Audited by Gen Agent Trust Hub on Apr 4, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No security issues detected. The skill is a legitimate implementation for Evernote note and notebook management.
  • Content Sanitization: The implementation in references/implementation-guide.md provides helper functions such as escapeHtml() and htmlToENML(). The latter uses regular expressions to strip elements ENML does not allow, such as <script>, <form> and <iframe>, together with event-handler attributes (e.g. onclick, onload), reducing the risk of XSS or of storing malicious payloads in notes. Regex stripping is a blocklist, so its coverage is only as complete as its tag and attribute list; a parser-based allowlist would give a stronger guarantee.
  • Dependency Management: The skill relies on the well-known and official evernote Node.js package. The Bash(npm:*) entry in allowed-tools is a platform-level constraint that restricts the agent's shell access to npm commands.
  • Credential Safety: The skill documentation specifies that authentication is handled by a pre-configured environment (evernote-install-auth), and the code passes access tokens as parameters rather than hardcoding them.
  • Least Privilege: The tools and file operations described (Read, Write, Edit, Grep) are consistent with the stated purpose of managing note content and local files for bulk imports.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 4, 2026, 04:43 PM