evernote-data-handling
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements boilerplate code for Evernote data integration using well-known Node.js libraries and secure coding patterns. Database operations use parameterized queries to prevent SQL injection, and the resource handler implements safe path construction for attachment storage.\n- [PROMPT_INJECTION]: The skill defines an ingestion surface for untrusted data through Evernote note content (ENML).\n
- Ingestion points: The
ENMLProcessorservice inreferences/implementation-guide.mdparses XML-formatted content from external notes.\n - Boundary markers: The provided code does not define specific boundary markers to delimit extracted content when used in a prompt context.\n
- Capability inventory: The skill utilizes file system access and database operations through the
ResourceHandler,SyncManager, andDataExporterclasses.\n - Sanitization: The processor includes logic to replace encrypted tags with placeholders, though it lacks specific sanitization for indirect prompt injection instructions.
Audit Metadata