evernote-install-auth
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the official
evernoteSDK from the npm and PyPI registries. These are standard, well-known libraries for interacting with the Evernote API. - [COMMAND_EXECUTION]: The skill utilizes
npm install,pip install, and shell redirection (cat >> .env) to configure the project environment. These operations are within the expected scope for an installation and configuration skill. - [CREDENTIALS_UNSAFE]: The skill handles sensitive API credentials but correctly follows the security best practice of storing them in a
.envfile rather than hardcoding them into source code. It includes placeholders likeyour-consumer-keyfor user input. - [DATA_EXFILTRATION]: No unauthorized network operations or data exfiltration attempts were detected. Network activity is limited to official Evernote authentication and API endpoints.
- [PROMPT_INJECTION]: The skill does not contain any patterns typical of prompt injection or attempts to override agent safety guidelines.
Audit Metadata