hybrid-memory
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- COMMAND_EXECUTION (SAFE): The skill utilizes local bash scripts (e.g., `~/clawd/scripts/memory-hybrid-search.sh`) and the `qmd` command for its core functionality. These operations are consistent with the skill's primary purpose of memory recall and logging.
- INDIRECT_PROMPT_INJECTION (LOW): The skill takes user-provided strings and passes them as arguments to shell commands. This creates a potential surface for command injection if the underlying scripts do not properly sanitize or escape shell metacharacters.
  - Ingestion points: User queries and facts are passed directly into script arguments in `SKILL.md`.
  - Boundary markers: None present in the provided instructions.
  - Capability inventory: The skill allows for local shell script execution.
  - Sanitization: The instructions do not specify any sanitization or validation of the input before it is passed to the shell.
Audit Metadata