mnemos
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill makes extensive use of a vendor-provided CLI tool
mnemosand a shell scriptmnemos-post-compact-inject.shto initialize memory databases, perform checkpoints, and re-inject state into the agent context. - [INDIRECT_PROMPT_INJECTION]: The skill manages a task-scoped memory lifecycle that involves re-injecting stored facts and decisions into the prompt context, creating a surface for potential indirect instructions.
- Ingestion points: Data is read from local storage in the
.mnemos/directory, specificallymnemo.db(SQLite) andcheckpoint-latest.json. - Boundary markers: Re-injected knowledge is demarcated by a 'CONTEXT RESTORED AFTER COMPACTION' header.
- Capability inventory: The skill is capable of executing shell commands via the
mnemosCLI and shell scripts. - Sanitization: No explicit sanitization or filtering of text within the memory nodes is described before it is re-injected into the context.
Audit Metadata