memory-management
Fail
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill's scripts (scripts/memory-backup.sh and scripts/memory-consolidate.sh) use npx @claude-flow/cli to export and optimize memory. This pattern downloads and executes code from the npm registry during execution. Because the package provider is not a trusted vendor and is not associated with the skill author (growgami), it presents a high risk of executing unverified external code.
- [EXTERNAL_DOWNLOADS]: Use of npx without version constraints results in the automatic download of the latest version of the @claude-flow/cli tool from the public npm registry. This exposes the environment to potential supply chain attacks, where a malicious package update could be executed without user intervention.
- [COMMAND_EXECUTION]: The skill includes shell scripts that perform system-level operations. There is a notable discrepancy between the SKILL.md documentation, which claims 'no external CLI or dependencies required,' and the actual inclusion of scripts that depend on external packages via npx.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) based on its architectural design:
- Ingestion points: Data is read from memory/clients.md, memory/skill-patterns.md, and memory/signals.md in SKILL.md.
- Boundary markers: Absent. The skill instructions do not specify any delimiters or safety warnings to ignore instructions that might be embedded in the memory files.
- Capability inventory: The skill can execute shell scripts and external CLI tools via npx.
- Sanitization: Absent. The data read from memory files is processed directly by the agent to influence its behavior and decisions without validation or escaping.
Recommendations
- AI detected serious security threats
Audit Metadata