component-tester
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSPROMPT_INJECTIONCOMMAND_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The script
scripts/test-memex-cli.shreferencesmemex-cli, an external Node.js package not listed in the trusted sources. Its suggested installation via npm constitutes an unverifiable dependency. - [PROMPT_INJECTION] (MEDIUM): The
memex-clitool serves as an interface for LLM backends, presenting a surface for indirect prompt injection. * Ingestion points: The--promptargument inscripts/test-memex-cli.sh. * Boundary markers: None implemented in the test script call. * Capability inventory: Network communication with AI providers (Anthropic, OpenAI, Google) and local command execution. * Sanitization: No sanitization or filtering of prompt content is observed. - [COMMAND_EXECUTION] (LOW): The test script executes shell commands and the
memex-clibinary to verify system status and functionality. - [CREDENTIALS_UNSAFE] (LOW): The script checks for the presence of several sensitive API keys (
ANTHROPIC_API_KEY,OPENAI_API_KEY,GOOGLE_API_KEY,GEMINI_API_KEY) in the environment. Although the keys are not exfiltrated, identifying their presence is a security-relevant action.
Audit Metadata