apple-notes

Warn

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the memo utility from a third-party Homebrew tap located at antoniorodr/memo, which is not an officially verified or trusted service provider.
  • [COMMAND_EXECUTION]: The skill executes shell commands using the memo CLI to perform operations such as creating, searching, and exporting system notes on macOS.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface because the agent reads and processes user-generated text from Apple Notes.
  • Ingestion points: Untrusted content is ingested when the agent lists notes (memo notes), searches them (memo notes -s), or views them for editing.
  • Boundary markers: Absent. The skill instructions do not provide delimiters or security framing to prevent the agent from obeying instructions embedded within the note text.
  • Capability inventory: The agent has access to shell command execution (memo), file system export capabilities, and interactive note modification.
  • Sanitization: Absent. Content retrieved from the Notes application is processed without validation or filtering.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 23, 2026, 06:06 AM
Security Audit — agent-trust-hub — apple-notes