Skills
skills/vinitu/macos-notes-skill/macos-notes/Gen Agent Trust Hub

macos-notes

Pass

Audited by Gen Agent Trust Hub on Mar 22, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: Utilizes osascript to perform AppleScript operations within the macOS Notes.app environment. This includes managing notes, folders, and attachments. The Makefile also includes commands for compiling and checking script syntax using osacompile.
  • [DATA_EXFILTRATION]: Reads sensitive user data from the Apple Notes database, including note bodies, plaintext, and metadata. It also facilitates the export of note attachments to the local file system using scripts/attachment/save.applescript.
  • [PROMPT_INJECTION]: Contains a surface for indirect prompt injection as it ingests and processes note content.
  • Ingestion points: scripts/note/get.applescript and scripts/note/search.applescript retrieve note text which is then processed by the agent.
  • Boundary markers: None; note data is interpolated without specific delimiters or instructions to ignore embedded commands.
  • Capability inventory: Includes capabilities for deleting notes, overwriting content, and writing files to the disk, which could be leveraged if a malicious payload is found in a note.
  • Sanitization: No validation or sanitization is applied to the retrieved note content.
  • [EXTERNAL_DOWNLOADS]: The README provides instructions for downloading and installing the skill using npx or a developer-provided shell script.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 22, 2026, 04:28 PM