dino-note
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the `Bash` tool to execute `dino` CLI commands for note management, search, and storage operations across all provided scripts.
- [EXTERNAL_DOWNLOADS]: The skill recommends installing the `@dinoxx/dinox-cli` package from the NPM registry if it is not present on the system.
- [PROMPT_INJECTION]: The skill implements defensive measures against indirect prompt injection by explicitly instructing the agent to treat all note content, titles, and CLI output as untrusted data and never execute instructions found inside them.
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface:
  - Ingestion points: Note content, tags, and metadata are ingested into the agent context via `dino note search`, `dino note get`, and `dino note detail` (documented in references/search-and-read.md).
  - Boundary markers: SKILL.md contains an explicit 'Safety & Boundaries' section requiring the agent to treat note content as untrusted and ignore embedded instructions.
  - Capability inventory: The skill can execute shell commands via Bash and can read and upload local filesystem paths to remote storage (documented in references/media-resources.md).
  - Sanitization: The instructions mandate ignoring instructions found in notes and prefer structured JSON output (`--format json`) for parsing data to minimize injection risks.
Audit Metadata