Skills
skills/zrong/skills/joplin/Gen Agent Trust Hub

joplin

Pass

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: SAFEDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill provides functionality to read content from arbitrary local file paths using the --body-from parameter in note creation/updates and the resource upload command. This capability is used for importing note data but presents a risk of sensitive file exposure if the agent is directed to access unauthorized paths.
  • [COMMAND_EXECUTION]: The resource download command allows writing data to arbitrary local file paths. While intended for saving attachments, this could be misused to write data to sensitive locations on the host system if not strictly controlled.
  • [PROMPT_INJECTION]: The skill serves as an indirect prompt injection surface as it retrieves and processes note content and metadata from the Joplin database.
  • Ingestion points: scripts/joplin_tool.py (via get_note, list_notes, search, and events methods).
  • Boundary markers: Absent; note content is returned to the agent context without delimiters or warnings.
  • Capability inventory: The script has broad file system read/write access and network connectivity to the Joplin API.
  • Sanitization: No validation or filtering is applied to retrieved note content before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 10, 2026, 07:15 AM