
bear-notes

Warn

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: MEDIUM
Findings: CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill accesses a sensitive Bear API token stored at ~/.config/grizzly/token for authentication. Exposure of this token allows programmatic access to the user's Bear notes.
  • [EXTERNAL_DOWNLOADS]: The skill's installation process downloads and installs the grizzly tool from github.com/tylerwince/grizzly, which is an unverified external source not included in the trusted vendors list.
  • [COMMAND_EXECUTION]: The skill invokes the grizzly binary to run system commands for note creation and manipulation, which carries the usual command-execution risk if the inputs passed to those commands are not properly sanitized.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads data from Bear notes that could contain malicious instructions.
    • Ingestion points: the grizzly open-note and grizzly open-tag commands in SKILL.md.
    • Boundary markers: no delimiters or warnings to ignore embedded instructions are implemented.
    • Capability inventory: file system access and command execution via the grizzly CLI tool.
    • Sanitization: no sanitization or validation logic is present to filter content retrieved from the notes.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 17, 2026, 07:58 AM