memory-search
Fail
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: HIGH (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION)
Full Analysis
- [Unverifiable Dependencies & Remote Code Execution] (HIGH): The installation instructions require cloning a repository from an untrusted GitHub organization (23blocks-OS) and executing a shell script (./install-memory-tools.sh). This facilitates the execution of arbitrary, unvetted code on the host system.
- [Indirect Prompt Injection] (LOW): The skill retrieves past conversation data, which creates a surface for indirect prompt injection. If the memory database contains malicious instructions from previous untrusted sessions, these could be re-introduced into the agent's current context.
- Ingestion points: Data retrieved from CozoDB via memory-search.sh.
- Boundary markers: Absent; no instructions are provided to the agent to treat retrieved memory as untrusted data.
- Capability inventory: Subprocess execution of shell scripts (memory-search.sh, docs-search.sh, graph-describe.sh).
- Sanitization: None specified for retrieved memory content.
Recommendations
- AI detected serious security threats
Audit Metadata