memos
Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill fetches data from an external Memos instance which creates a surface for indirect prompt injection if the fetched content contains malicious instructions.
- Ingestion points:
scripts/memos.shfetches memo content and comments viacurlfrom the user-configuredMEMOS_URL. - Boundary markers: The skill does not implement specific delimiters or 'ignore' instructions when presenting memo content to the agent.
- Capability inventory: The script can read, create, update, and delete memos and reactions, and uses
curl,jq, andpython3for processing. - Sanitization: While
jqis used for JSON structure handling, the actual text content is not sanitized to prevent instruction injection. - [COMMAND_EXECUTION]: The skill relies on executing local system commands to perform its operations.
- Evidence:
scripts/memos.shexecutescurl,jq, andpython3to interact with the REST API. - Context: The script uses
python3 -csnippets for URL encoding and JSON formatting, which are standard utility patterns in shell-based skills.
Audit Metadata