Skills
skills/nowledge-co/community/save-thread/Gen Agent Trust Hub

save-thread

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes the nmem CLI tool to interact with project directories and session data. Specifically, it reads files from ~/.claude/projects/ to extract conversation history.
  • [EXTERNAL_DOWNLOADS]: The documentation suggests installing the nmem-cli package from PyPI. This package is provided by the vendor to facilitate the skill's functionality.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface because it processes untrusted chat messages from external session files and possesses network and command execution capabilities.
  • Ingestion points: ~/.claude/projects/ (contains raw chat logs).
  • Boundary markers: None specified in the instructions.
  • Capability inventory: CLI execution (nmem) and network transmission (to apiUrl).
  • Sanitization: No sanitization or validation of the ingested messages is mentioned.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 12, 2026, 02:13 AM