Skills
skills/letta-ai/lettabot/apple-notes/Gen Agent Trust Hub

apple-notes

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill metadata and instructions direct the installation of the 'memo' CLI tool from an unverified third-party Homebrew tap ('antoniorodr/memo') or via pip from a cloned GitHub repository. This source is not recognized as a trusted organization or well-known service.
  • [COMMAND_EXECUTION]: The skill facilitates the execution of terminal commands on the local system using the 'memo' binary to perform operations on the Apple Notes database.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes data from Apple Notes, which could contain adversarial instructions.
  • Ingestion points: Untrusted note content is retrieved via 'memo notes' and 'memo notes -s' as shown in SKILL.md.
  • Boundary markers: No delimiters or instructions are used to ensure the agent ignores embedded commands within the notes.
  • Capability inventory: The skill possesses the capability to search, add, edit, move, and delete notes, which could be abused if an injection is successful (SKILL.md).
  • Sanitization: There is no evidence of content sanitization or validation before the data is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 11, 2026, 11:40 PM