bear-notes

Warn

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: MEDIUM

Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION

Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill metadata specifies an installation step that fetches the grizzly CLI tool directly from a personal GitHub repository (github.com/tylerwince/grizzly/cmd/grizzly@latest) using the Go package manager.
  • [COMMAND_EXECUTION]: The skill relies on executing the grizzly binary to perform all operations, including creating notes, reading notes, and managing tags. This involves shell execution of subcommands like open-note, create, and add-text.
  • [CREDENTIALS_UNSAFE]: The skill handles sensitive authentication tokens for the Bear app. It instructs the user to store their API token in a plain-text file at ~/.config/grizzly/token and references this file in command arguments (e.g., --token-file ~/.config/grizzly/token). Accessing this path exposes the token to the agent context.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection.
    • Ingestion points: Data enters the agent context through the grizzly open-note, grizzly tags, and grizzly open-tag commands, which return content from the user's Bear notes.
    • Boundary markers: No delimiters or instructions to ignore embedded commands are present when processing note content.
    • Capability inventory: The skill has the capability to write data back to the file system or modify notes via grizzly create and grizzly add-text.
    • Sanitization: No sanitization or validation of the retrieved note content is performed before it is processed by the agent.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 30, 2026, 12:14 AM