evernote-migration-deep-dive
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill employs dynamic context injection (`!npm list`) in `SKILL.md` to provide information about the current environment when the skill is loaded. This is a standard informational command for development tools and poses no security risk.
- [SAFE]: Data processing involves reading and writing note content to local directories for migration. Analysis of the implementation guide shows that data handling is confined to the intended migration logic with no signs of credential harvesting or unauthorized external transmission.
- [SAFE]: The skill ingests untrusted Evernote data and Notion exports via `references/implementation-guide.md`. Capability inventory includes `Bash`, `Write`, and `Edit`. Sanitization is provided through the `enmlToMarkdown` function, which uses regular expressions to clean XML/HTML formatting. While formal prompt injection boundary markers are absent, the tool's scope is restricted to local migration tasks.
Audit Metadata