cli-anything-joplin

Pass

Audited by Gen Agent Trust Hub on Jun 13, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands via the 'joplin' terminal binary to interact with the Joplin backend. It provides a stateful harness for managing notes, notebooks, and configurations.- [INDIRECT_PROMPT_INJECTION]: The skill processes external data from Joplin notes and search results, which constitutes an attack surface for indirect prompt injection.
  • Ingestion points: SKILL.md documentation describes reading notes, todos, and search results via 'notes get', 'todos list', and 'search run' commands.
  • Boundary markers: None identified in the provided skill description.
  • Capability inventory: The skill performs subprocess execution of the 'joplin' binary and supports network synchronization.
  • Sanitization: No sanitization or validation of note content is described.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 13, 2026, 12:09 AM
Security Audit — agent-trust-hub — cli-anything-joplin