atxp-memory
Fail
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: HIGH
Tags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [REMOTE_CODE_EXECUTION] (HIGH): The skill utilizes 'npx atxp@latest' across all primary commands. This practice downloads and executes the most recent version of the 'atxp' package from npm at runtime without version pinning or integrity verification, allowing for arbitrary code execution if the package is compromised.
- [DATA_EXFILTRATION] (MEDIUM): The 'push' command facilitates the transfer of local .md files to external atxp.ai servers. Although restricted to markdown, these files frequently contain sensitive agent state, identity documents (e.g., SOUL.md), and private interaction logs.
- [COMMAND_EXECUTION] (MEDIUM): The skill relies on shell command execution via the 'npx' binary to perform its core functions.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill requires the installation of the '@zvec/zvec' package from an external registry for local indexing and search capabilities.
- [PROMPT_INJECTION] (LOW): As an indirect prompt injection surface, the skill ingests untrusted data via 'memory pull' (server files) and provides them to the agent via 'memory search'. Ingestion points: file restoration from cloud and local search results. Boundary markers: none specified. Capability inventory: file writing (pull), network upload (push), and shell execution (npx). Sanitization: no evidence of sanitization for retrieved content.
Recommendations
- AI detected serious security threats
Audit Metadata