Skills
skills/dvcrn/devonthink-cli/devonthink/Gen Agent Trust Hub

devonthink

Pass

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill is designed to generate and execute shell commands for the devonthink CLI utility. It allows the agent to perform actions such as searching records, modifying record properties, and deleting records within the local DEVONthink database.
  • [EXTERNAL_DOWNLOADS]: The skill instructions direct the user to install the devonthink package from npm and add plugins from the dvcrn/devonthink-cli marketplace repository. These are recognized as legitimate vendor resources associated with the skill author.
  • [PROMPT_INJECTION]: A surface for indirect prompt injection exists because the skill includes tools that ingest data from untrusted external sources.
  • Ingestion points: The create_from_url command (SKILL.md) fetches data from arbitrary URLs, and the ask_ai_about_documents command (references/examples.md) processes the content of local documents.
  • Boundary markers: There are no instructions provided to the agent to use delimiters or ignore instructions embedded within the data retrieved from URLs or documents.
  • Capability inventory: The agent has the capability to perform file system operations and database mutations (create, update, delete) based on the processed data.
  • Sanitization: No sanitization or validation logic is specified for the external content before it is processed by the AI model.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 2, 2026, 05:50 PM