evernote-debug-bundle

Pass

Audited by Gen Agent Trust Hub on Apr 4, 2026

Risk Level: SAFE

COMMAND_EXECUTION

Full Analysis
  • [DYNAMIC_CONTEXT_INJECTION]: The skill performs environment checks using shell command substitution (e.g., node --version) to verify the availability of required runtimes at load time. These commands are benign and do not process untrusted input.
  • [DATA_EXPOSURE]: API interactions are logged to a local file (evernote-debug.log) for troubleshooting purposes. The implementation includes a sanitizeParams function designed to redact sensitive fields such as token and password from the logs to prevent accidental credential leakage.
  • [INDIRECT_PROMPT_INJECTION]: Because the skill processes note content (ENML), it is inherently exposed to data-driven instructions. The skill mitigates this via an ENMLValidator that identifies and strips high-risk tags such as <script> and <iframe>, as well as JavaScript event attributes (e.g., onclick), from the processed content.
  • [COMMAND_EXECUTION]: The skill provides diagnostic scripts and package commands that execute local Node.js code to test API connectivity and inspect account status. These operations are scoped to the intended debugging functionality and use defined environment variables.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 4, 2026, 04:44 PM