set-note-description
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFEPROMPT_INJECTIONNO_CODE
Full Analysis
- [Prompt Injection] (SAFE): The skill instructions do not contain attempts to bypass safety filters or override agent behavior.
- [Indirect Prompt Injection] (LOW): The skill processes untrusted markdown content which could contain embedded instructions. Ingestion points: Note content associated with $ARGUMENTS. Boundary markers: Absent; the skill does not use delimiters to isolate user data. Capability inventory: Modifies YAML frontmatter in local markdown files. Sanitization: Includes a critical rule to only modify the description property and preserve all other content, which limits potential impact.
- [Data Exposure & Exfiltration] (SAFE): The skill operates on local notes and does not demonstrate network capabilities or access to sensitive system credentials.
- [Unverifiable Dependencies] (SAFE): No external Python or Node.js packages are required or downloaded.
Audit Metadata