gemini-memory-sync
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The 'Section-Based Sync' pattern is vulnerable to shell injection. It uses an unquoted heredoc (<< EOF) to process variables derived from CLAUDE.md. Any command substitution (e.g., $(...) or
...) within the source file will be executed by the shell during the synchronization process if the agent or user runs the provided script pattern. - [PROMPT_INJECTION] (LOW): Indirect prompt injection surface identified. Content from CLAUDE.md is ingested and written to GEMINI.md (the agent's memory) without sanitization or boundary markers. Evidence: 1. Ingestion point: CLAUDE.md via sed/grep. 2. Boundary markers: Absent. 3. Capability inventory: Bash, Read, Glob, Grep tools. 4. Sanitization: Absent.
Recommendations
- AI detected serious security threats
Audit Metadata