memrise
Warn
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill instructs the user to install the `memrise` or `memrise-cli` package globally via npm or bun. There is a naming inconsistency between files (the primary README suggests `memrise` while the reference guide suggests `memrise-cli`), which increases the risk of a user or agent installing the wrong, potentially malicious, or deprecated package from a public registry.
- COMMAND_EXECUTION (LOW): The skill is designed to construct and run shell commands using the `memcli` binary. While this is the intended use case, it provides a direct interface for the agent to interact with the host system's shell.
- PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection because it ingests untrusted data from the Memrise API (such as course titles or word definitions) that could contain hidden instructions for the AI.
  - Ingestion points: Data entering the context via `memcli courses`, `memcli words`, and `memcli levels` commands.
  - Boundary markers: Absent; there are no instructions or delimiters shown to ensure the agent ignores instructions embedded within the retrieved course data.
  - Capability inventory: Execution of shell commands through the `memcli` utility.
  - Sanitization: No evidence of sanitization or filtering of the CLI output before it is processed by the agent.
Audit Metadata