evernote-sdk-patterns
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill provides legitimate code patterns and best practices for interacting with the Evernote API. No evidence of malicious behavior, obfuscation, or credential theft was found.
- [PROMPT_INJECTION]: The skill implements data ingestion from the Evernote API, which is an external, untrusted source. This represents a potential surface for indirect prompt injection if the agent reads and executes instructions embedded in notes.
- Ingestion points:
references/implementation-guide.md(note search and metadata retrieval functions). - Boundary markers: Not present in the provided implementation snippets.
- Capability inventory:
SKILL.md(allowed-tools: Read, Write, Edit, Grep);references/implementation-guide.md(file system and network API access). - Sanitization: No explicit sanitization or validation of note content is demonstrated.
Audit Metadata