Skills
skills/unnoo/zsxq-skill/zsxq-note/Gen Agent Trust Hub

zsxq-note

Pass

Audited by Gen Agent Trust Hub on Apr 17, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes the zsxq-cli binary to perform note management tasks, such as creating new notes with the +create command and retrieving note lists with +list. This is the intended primary function of the skill.
  • [PROMPT_INJECTION]: The skill possesses an inherent surface for indirect prompt injection as it processes user input and external data.
  • Ingestion points: User-provided text passed to the --text flag in zsxq-note-create.md and note content retrieved and displayed in zsxq-note-list.md.
  • Boundary markers: The instructions do not specify explicit delimiters or guardrails to isolate note content from the agent's instructions.
  • Capability inventory: The skill is capable of executing shell commands through the zsxq-cli binary.
  • Sanitization: No evidence of input validation or content sanitization is provided in the documentation.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 17, 2026, 08:06 AM