skills/jeremylongshore/claude-code-plugins-plus-skills/evernote-migration-deep-dive/Gen Agent Trust Hub
evernote-migration-deep-dive
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The SKILL.md file contains a dynamic context injection pattern (!npm list 2>/dev/null | head -5) that executes a shell command when the skill is loaded. This is used for benign environment introspection and is consistent with the skill's developer-focused migration purpose.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection because it handles external data from Evernote.
  - Ingestion points: Data enters the system context through the Evernote API (notes, notebooks, tags) and exported local files as described in references/implementation-guide.md.
  - Boundary markers: There are no explicit delimiters or boundary markers used in the code to isolate external note content from agent instructions.
  - Capability inventory: The skill is configured with Write, Edit, and Bash tools and includes scripts that execute filesystem operations (fs.writeFile, fs.mkdir).
  - Sanitization: The implementation includes the sanitizeName method for output filenames in the EvernoteExporter class, but no instructional sanitization is applied to the note content itself.