notemdpro
Pass
Audited by Gen Agent Trust Hub on Apr 16, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection attack surface as it is designed to process untrusted data from web research and existing user notes.
- Ingestion points: Processes markdown files from the local vault and external content from web research services.
- Boundary markers: No explicit delimiters or safety instructions are defined to separate untrusted data from agent instructions.
- Capability inventory: Includes file system write access and network communication capabilities.
- Sanitization: Lacks documented sanitization or validation of input data.
- [DATA_EXFILTRATION]: The skill's research functionality communicates with external domains such as Tavily and DuckDuckGo. While these are intended functions, they involve network activity to domains outside the standard whitelist.
- [EXTERNAL_DOWNLOADS]: Documentation points to external GitHub repositories for installation and setup. These references target a well-known service for legitimate development purposes.
Audit Metadata