apple-notes
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill installs the
memobinary via a custom Homebrew tap (antoniorodr/memo/memo) and suggests manual installation viapip. These sources are not within the trusted organization list, posing a supply-chain risk. - [COMMAND_EXECUTION] (LOW): The skill's primary operation involves executing the
memocommand with various arguments to interact with the system's Apple Notes database. - [DATA_EXPOSURE] (LOW): The skill is designed to read, search, and export Apple Notes. While this is the intended purpose, it grants the agent access to potentially sensitive personal information stored in the Notes app.
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection risk exists. If the agent reads a note (via
memo notesormemo notes -s) that contains malicious instructions, those instructions could influence the agent's subsequent behavior. - Ingestion points: Output of
memo notes(listing/viewing note content). - Boundary markers: None specified in the provided markdown.
- Capability inventory: Execution of shell commands (
memo), file export. - Sanitization: None detected in the skill definition.
Audit Metadata