memfs-search
Warn
Audited by Gen Agent Trust Hub on Apr 3, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the '@tobilu/qmd' package from the public NPM registry. It also fetches approximately 2GB of embedding models from Hugging Face during its setup process.
- [REMOTE_CODE_EXECUTION]: By instructing users to install and run the third-party '@tobilu/qmd' package, which is not authored by a recognized trusted organization, the skill introduces a dependency on external code that could pose a risk if the package or its registry entry is compromised.
- [COMMAND_EXECUTION]: The skill uses a bash script ('scripts/memfs-search.sh') as a wrapper for the 'qmd' tool. This script executes various shell commands to manage memory collections, generate embeddings, and perform queries.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It ingests untrusted data from the agent's memory directory ('$MEMORY_DIR'), and the resulting search snippets are returned to the agent without sanitization or boundary markers, potentially allowing malicious instructions in memory files to influence agent behavior.
Audit Metadata