evernote-sdk-patterns

Pass

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill provides legitimate code patterns and best practices for interacting with the Evernote API. No evidence of malicious behavior, obfuscation, or credential theft was found.
  • [PROMPT_INJECTION]: The skill implements data ingestion from the Evernote API, which is an external, untrusted source. This represents a potential surface for indirect prompt injection if the agent reads and executes instructions embedded in notes.
  • Ingestion points: references/implementation-guide.md (note search and metadata retrieval functions).
  • Boundary markers: Not present in the provided implementation snippets.
  • Capability inventory: SKILL.md (allowed-tools: Read, Write, Edit, Grep); references/implementation-guide.md (file system and network API access).
  • Sanitization: No explicit sanitization or validation of note content is demonstrated.
Audit Metadata
Risk Level
SAFE
Analyzed
May 15, 2026, 10:57 AM
Security Audit — agent-trust-hub — evernote-sdk-patterns