amw-memory-operator

Pass

Audited by Gen Agent Trust Hub on Feb 26, 2026

Risk Level: SAFE

COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION

Full Analysis
  • [COMMAND_EXECUTION]: The skill provides instructions and templates for executing local shell commands via npm run amw to control the automation workbench and manage session profiles.
  • [REMOTE_CODE_EXECUTION]: The eval_js action enables the execution of arbitrary JavaScript code within the context of the automated browser session, which is a powerful runtime execution capability.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface (Category 8):
      • Ingestion points: The agent ingests untrusted data from external websites via actions like snapshot, eval_js, and get_url.
      • Boundary markers: No explicit delimiters or boundary markers are defined to isolate external web content from the agent's internal instruction context.
      • Capability inventory: The agent can execute JavaScript in the browser environment, write artifacts to the local filesystem, and trigger local CLI operations.
      • Sanitization: No evidence of sanitization, filtering, or validation of the content retrieved from websites is present before it is processed by the agent.

Audit Metadata
  Risk Level: SAFE
  Analyzed: Feb 26, 2026, 07:40 AM