evernote-performance-tuning
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill facilitates the ingestion of untrusted data from an external source (Evernote) which could contain hidden instructions (Indirect Prompt Injection).
  - Ingestion points: Data is retrieved via findNotesMetadata, getNote, and search results from the Evernote API (references/implementation-guide.md).
  - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the provided implementation examples.
  - Capability inventory: The skill allows the agent to use Read, Write, Edit, and Grep tools, which could be abused if malicious instructions are successfully injected via a note (SKILL.md).
  - Sanitization: There is no evidence of sanitization or filtering of the content retrieved from Evernote before it is processed by the agent or presented in the context.
Audit Metadata