apple-notes
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the 'memo' command-line utility from a third-party repository ('antoniorodr/memo/memo') via Homebrew.
- [COMMAND_EXECUTION]: The skill performs note operations by executing the 'memo' binary on the macOS system.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from Apple Notes.
- Ingestion points: Note content is retrieved via the 'memo notes' and 'memo notes -s' commands.
- Boundary markers: No explicit delimiters or instructions are used to separate retrieved note content from agent instructions.
- Capability inventory: The skill utilizes command-line execution (memo CLI) for all operations.
- Sanitization: There is no evidence of sanitization or filtering of note content before it is processed by the agent.
Audit Metadata