apple-notes
Warn
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to install the `memo` utility from a third-party Homebrew tap (antoniorodr/memo). This involves downloading and installing executable code from an unverified personal repository.
- [DATA_EXFILTRATION]: The skill accesses and processes the contents of Apple Notes. While this is the primary purpose of the skill, it represents exposure of personal and potentially sensitive data (notes often contain credentials or private information) to the agent context.
- [COMMAND_EXECUTION]: The skill relies on executing the `memo` CLI tool to perform search, create, edit, and delete operations within the macOS environment.
- [INDIRECT_PROMPT_INJECTION]: The skill reads external data from Apple Notes, which creates a surface for indirect instructions to influence the agent.
  - Ingestion points: Note content is ingested into the agent context through the `memo notes` and `memo notes -s` (search) commands.
  - Boundary markers: None. The instructions do not provide delimiters or warnings to help the agent distinguish between note content and system instructions.
  - Capability inventory: The skill has the ability to write to and delete from the system's notes database via the `memo notes -a` and `memo notes -d` commands.
  - Sanitization: No sanitization or filtering of the retrieved note content is mentioned or implemented before the data is passed to the agent.
Audit Metadata