memory-cli-ops
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFE
Categories: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill is centered around executing the local binary `./target/release/memory-cli`. It also suggests modifying the `PATH` environment variable in `troubleshooting.md`. While standard for developer tools, these actions assume a trusted local environment to prevent binary hijacking.
- [DATA_EXFILTRATION] (LOW): The troubleshooting documentation includes `curl` commands that transmit the `$TURSO_TOKEN` to the `$TURSO_URL`. This poses a risk of credential exfiltration if the URL variable is manipulated to point to a malicious server.
- [PROMPT_INJECTION] (LOW): The skill exhibits a surface for indirect prompt injection (Category 8) by accepting untrusted strings for tasks and observations. Evidence Chain:
  1. Ingestion points: `commands.md` flags like `--task` and `--observation`.
  2. Boundary markers: None implemented in the command structure.
  3. Capability inventory: Full execution of the `memory-cli` tool including storage and config modifications.
  4. Sanitization: No sanitization or validation of input strings is documented.
Audit Metadata