create-note

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute commands for the dino CLI, enabling the creation and listing of notes, tags, and card boxes. This is the primary intended behavior.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted user input and includes it in shell command arguments.
    • Ingestion points: User-provided input for note titles, markdown content, tags, and card box names in SKILL.md.
    • Boundary markers: The skill lacks explicit delimiters or instructions to prevent the agent from interpreting instructions embedded within user content.
    • Capability inventory: The agent can execute arbitrary shell commands via the Bash tool and create files via the Write tool.
    • Sanitization: There is no evidence of escaping or validation of user input to prevent command injection or instruction override.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 1, 2026, 05:33 PM