agent-memory-mcp

Fail

Audited by Gen Agent Trust Hub on Feb 15, 2026

Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • Unverifiable Dependencies & Remote Code Execution (HIGH): The setup process involves cloning a repository from an untrusted source (github.com/webzler/agentMemory) and running npm install, which also executes any package lifecycle scripts. This grants the untrusted code execution privileges on the host system during both the build and runtime phases.
  • Indirect Prompt Injection (HIGH): The skill manages external content that can influence agent behavior.
    Ingestion points: Data enters the system through the content argument of the memory_write tool.
    Boundary markers: There are no delimiters or instructions provided to the agent to ignore instructions embedded within stored memories.
    Capability inventory: The skill has the ability to write to and read from the local filesystem and run local servers.
    Sanitization: No input validation or sanitization of memory content is specified.
    This allows malicious instructions to be persisted and subsequently triggered when the agent searches or reads from the memory bank.
  • Command Execution (MEDIUM): The startup scripts for the MCP server and dashboard accept absolute file paths as arguments. This could be used to target sensitive directories if the agent is manipulated into pointing the tools at system-critical paths.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 15, 2026, 08:48 PM