memory-jq

This utility is a local jq-based memory editor that, when implemented carefully (using jq --arg/--argjson, avoiding shell interpolation, enforcing JSON validation after writes, and restricting writable paths/fields), is low risk. The primary risks identified are: (1) command injection if user inputs are interpolated into shell commands unsafely, (2) sensitive-data exposure via get operations to stdout/logs, and (3) potential file corruption if validation is not enforced. I assess moderate security risk if the implementation naively composes shell commands from unsanitized arguments and lacks field-level restrictions. Recommended mitigations: always use jq --arg/--argjson or direct jq APIs rather than shell interpolation, validate JSON after writes and refuse writes that produce invalid JSON, whitelist allowable json-paths or fields to limit scope, avoid exposing sensitive fields via get without authorization, and restrict Bash execution privileges for this skill to prevent broader command execution.