apple-notes
Warn
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill utilizes Homebrew to install the `memo` utility from a third-party repository (antoniorodr/memo). This introduces a dependency on external code that is not maintained by a verified or well-known organization.
- [COMMAND_EXECUTION]: The skill relies on shell commands to interact with the `memo` binary. Because this tool handles personal data from Apple Notes, any vulnerability in how the tool processes input or note content could lead to unintended command execution.
- [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection by reading note content through the `memo notes` and search commands. If a note contains malicious instructions, the agent might interpret them as authentic system directives.
  - Ingestion points: Note content retrieved via `memo notes` commands in SKILL.md.
  - Boundary markers: None present; note content is not delimited to prevent the agent from following instructions embedded within notes.
  - Capability inventory: Command execution via the `memo` CLI, including creating, editing, and deleting data.
  - Sanitization: No evidence of input validation or output sanitization when handling note text.
Audit Metadata