apple-notes
Warn
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill defines an installation process for the 'memo' CLI via a third-party Homebrew tap (`antoniorodr/memo/memo`) that is not associated with a trusted organization or well-known vendor.
- [COMMAND_EXECUTION]: The skill's primary operations involve executing the `memo` command-line utility to interact with the local macOS system and the `Notes.app` database.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core function of reading and processing untrusted data from Apple Notes.
  - Ingestion points: Apple Notes content retrieved through search, list, and view commands defined in `SKILL.md`.
  - Boundary markers: Absent; the skill instructions do not provide delimiters to distinguish external note content from system instructions.
  - Capability inventory: The agent can execute local shell commands via the `memo` binary and interact with macOS automation features.
  - Sanitization: Absent; note content is passed directly to the LLM context without any validation or escaping mechanism.
Audit Metadata