bear-notes
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Installs the grizzly CLI tool from github.com/tylerwince/grizzly via go install. This tool is necessary for the skill's operation.
- [COMMAND_EXECUTION]: Executes shell commands using the grizzly binary to manage notes in the Bear application.
- [PROMPT_INJECTION]: The skill retrieves data from notes which could contain malicious instructions.
  - Ingestion points: Note content is read via the grizzly tool in the open-note and open-tag commands.
  - Boundary markers: No delimiters are used to wrap note content.
  - Capability inventory: The skill can search, read, and write notes but lacks system-level permissions.
  - Sanitization: No sanitization is performed on retrieved data.
Audit Metadata