memoriesweave
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the `curl` utility via the Bash tool as the primary method for interacting with the MemoriesWeave REST API. It also describes a pipeline for physical product export that involves executing `npx playwright install` and running Python scripts for image processing and database manipulation.
- [EXTERNAL_DOWNLOADS]: The skill downloads user-specific assets, such as HTML templates and images, from the vendor's infrastructure (Convex and Cloudflare R2). It also downloads the Playwright browser automation tool. These downloads are restricted to well-known services and the vendor's own verified endpoints, supporting the intended photobook creation workflow.
- [DATA_EXFILTRATION]: User data, including photo metadata and chat logs, is retrieved from and pushed to the MemoriesWeave platform. The skill utilizes local storage (e.g., `/tmp/photos.json`) for caching and processing large datasets efficiently. No evidence of unauthorized data transmission to third-party domains was found.
- [SAFE]: The skill incorporates robust security and integrity measures, such as 'verification agents' that perform multiple passes to cross-reference AI-generated content against raw conversation data. It also utilizes visual confirmation via screenshots to ensure correct layout rendering before finalization, effectively mitigating risks associated with the ingestion of external data.
Audit Metadata