Skills
skills/tombener/devonthink-skill/devonthink/Gen Agent Trust Hub

devonthink

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes osascript -l JavaScript commands to perform automation tasks within the local DEVONthink application environment.
  • [EXTERNAL_DOWNLOADS]: The JXA API reference in references/jxa-api.md includes functions for the agent to download remote content and data into the local database, such as app.downloadURL and app.createMarkdownFrom(url).
  • [PROMPT_INJECTION]: The skill's ability to ingest and process document content presents an indirect prompt injection surface.
  • Ingestion points: Untrusted data can enter the agent context through bibliography JSON files read by scripts/bib_lookup.py and via the plainText content of DEVONthink records accessed in SKILL.md.
  • Boundary markers: No specific delimiters or boundary markers are documented to isolate potentially malicious instructions embedded in documents from legitimate content.
  • Capability inventory: The skill maintains capabilities for local command execution via subprocess in scripts/bib_lookup.py and osascript in SKILL.md, alongside file system access and network operations via the DEVONthink API.
  • Sanitization: Document content is retrieved and used in AI summarization or chat workflows without sanitization or filtering of embedded instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 15, 2026, 11:23 AM