search-notes
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes the 'dino' CLI tool through Bash. It correctly uses double quotes for the '$ARGUMENTS' variable to mitigate potential shell command injection from user-provided keywords.
- [EXTERNAL_DOWNLOADS]: Suggests installation of the '@dinoxx/dinox-cli' Node.js package. This is a vendor-provided resource for the Dinox service described in the skill.
- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection, since it retrieves and displays content from external notes that could contain instructions.
  - Ingestion points: Data is ingested through 'dino note search' and 'dino note detail' outputs.
  - Boundary markers: No explicit delimiters or warnings are used to separate note content from agent instructions.
  - Capability inventory: The skill has access to the 'Bash' tool.
  - Sanitization: There is no explicit sanitization of the retrieved note content before it is processed by the agent.
Audit Metadata