memento-flashcards
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill manages data locally in the user's home directory using atomic writes to prevent file corruption.
- [EXTERNAL_DOWNLOADS]: Fetches YouTube transcripts via the
youtube-transcript-apilibrary. This is a well-known service and the behavior matches the skill's stated purpose. - [COMMAND_EXECUTION]: Executes local Python scripts for core functionality. Arguments are passed via standard CLI patterns and no unsafe shell execution was found.
- [DATA_EXFILTRATION]: No unauthorized network operations or credential harvesting patterns were identified. Data movement is restricted to user-initiated CSV exports and local storage.
- [SAFE]: Indirect prompt injection attack surface analysis:
- Ingestion points:
youtube_quiz.py(transcripts),memento_cards.py(CSV files) - Boundary markers: Absent in the quiz generation prompt in
SKILL.md - Capability inventory: Local file writes (JSON/CSV) and helper script execution
- Sanitization: Uses standard Python
jsonandcsvmodules for data serialization; behavior is consistent with tool purpose.
Audit Metadata