note-organizer
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [SAFE]: The skill operates entirely within the local environment, storing all note data in the user's home directory (~/.notes). No external network requests or data transmission patterns were found.\n- [COMMAND_EXECUTION]: The shell script (scripts/joplin.sh) constructs file paths using user-supplied arguments in several commands, such as 'notebook'. Although the script enforces file extensions (e.g., .md), this represents a potential directory traversal surface if an attacker provides path-relative arguments to access unintended locations.\n- [PROMPT_INJECTION]: Indirect Prompt Injection Surface.\n
- Ingestion points: Note content is ingested into the agent context via 'view', 'search', and 'export' commands in scripts/joplin.sh.\n
- Boundary markers: None. Note content is processed and displayed without delimiters to separate it from system instructions.\n
- Capability inventory: The skill has file-system write capabilities through 'new', 'edit', and 'trash' commands.\n
- Sanitization: None. The content of notes is returned to the agent without validation or escaping, which could allow malicious instructions embedded in notes to influence the agent's behavior.
Audit Metadata