flomo-local-api

Warn

Audited by Gen Agent Trust Hub on Mar 27, 2026

Risk Level: MEDIUM
Findings: CREDENTIALS_UNSAFE, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The script scripts/flomo_local_api.py contains a hardcoded API_SECRET value used to generate signatures for API requests.
  • [DATA_EXFILTRATION]: The skill programmatically accesses sensitive local storage paths associated with the flomo Mac application (~/Library/Containers/com.flomoapp.m/...) to harvest an access_token. This token is subsequently used for authenticated network requests to flomoapp.com.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from the flomo API and provides it to the agent.
  • Ingestion points: Memos are fetched via api_get in scripts/flomo_local_api.py.
  • Boundary markers: No delimiters or instructions to ignore embedded commands are present in the prompt instructions.
  • Capability inventory: The skill can perform network writes (api_put) and local file writes (Path.write_text).
  • Sanitization: Basic HTML escaping is performed in plain_text_to_html, but no semantic filtering of memo content is implemented.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 27, 2026, 04:21 AM
Security Audit — agent-trust-hub — flomo-local-api