deepvista-memory
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes the
deepvistaCLI to perform data operations. Commands such asdeepvista card createanddeepvista card updateincorporate user-supplied content into shell arguments. - [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests data from automated memory and knowledge cards. * Ingestion points:
deepvista memory show,deepvista memory search,deepvista card get, anddeepvista card +searchinSKILL.mdanddeepvista-vistabase/SKILL.md. * Boundary markers: Not present in the instruction set. * Capability inventory: Subprocess calls to thedeepvistaCLI for CRUD and search operations. * Sanitization: No explicit instructions for escaping or sanitizing retrieved data before agent processing. - [SAFE]: All remote references point to the vendor's official domain (
app.deepvista.ai) or relate to well-known developer tools (uv). The metadata inconsistency indeepvista-vistabase/SKILL.md(labeling the card skill asdeepvista-memory) appears to be a clerical error rather than a deceptive tactic.
Audit Metadata