flomo-web-crud

Warn

Audited by Gen Agent Trust Hub on Apr 6, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill includes instructions for the agent to generate and execute JavaScript code snippets in the browser's context to interact with internal application states (Vue.js and Tiptap editor). This is used as a fallback mechanism for UI automation.
      • Evidence: references/ui-locators.md contains snippets such as document.querySelector('.input-box').__vue__.onSubmit() and editor.commands.setContent(...).
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by reading and summarizing user-generated memo content from the web interface while maintaining write and delete permissions.
      • Ingestion points: Memo data is ingested via chrome_get_web_content and chrome_read_page as defined in references/workflows.md.
      • Boundary markers: There are no explicit instructions or delimiters to prevent the agent from following commands embedded within the fetched memo text.
      • Capability inventory: The skill has tools for creating, editing, and deleting content on the flomo platform, as documented in SKILL.md and references/workflows.md.
      • Sanitization: There is no evidence of filtering or sanitizing the retrieved memo content to prevent adversarial instructions from influencing agent behavior.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 6, 2026, 08:30 AM