bear-notes
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the grizzly binary from its source at github.com/tylerwince/grizzly using the Go toolchain. This is a standard installation method for this utility and originates from a well-known service (GitHub).
- [COMMAND_EXECUTION]: The skill executes various grizzly CLI commands to perform operations such as creating, reading, and searching notes within the Bear application.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection as it retrieves data from external note content.
  1. Ingestion points: Note content and tags retrieved via grizzly open-note and grizzly tags (SKILL.md).
  2. Boundary markers: Absent; note content is processed without specific delimiters or instructions to ignore embedded commands.
  3. Capability inventory: The skill can create, modify, and read local Bear notes (SKILL.md).
  4. Sanitization: Absent; note content is retrieved and used without explicit filtering or validation.