remembering
Pass
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
- [DATA_EXPOSURE]: The skill automatically detects and reads API tokens and database URLs from environment variables and well-known local file paths such as /mnt/project/turso.env and /mnt/project/muninn.env to authenticate with its backend services.- [REMOTE_CODE_EXECUTION]: Through the install_utilities function in scripts/utilities.py, the skill retrieves Python code stored in the remote Turso database and materializes it into executable modules at ~/muninn_utils. This is a documented core feature designed for self-updating operational logic.- [COMMAND_EXECUTION]: The boot sequence and GitHub API interfaces utilize subprocess.run to interact with the GitHub CLI (gh) and the jq utility for environment detection and data processing.- [EXTERNAL_DOWNLOADS]: Fetches memory context, configuration settings, and utility code from the vendor's Turso database (assistant-memory-oaustegard.aws-us-east-1.turso.io) and interacts with the official GitHub API.- [INDIRECT_PROMPT_INJECTION]:\n
- Ingestion points: Data is ingested from the Turso database via the recall and recall_batch functions in scripts/memory.py.\n
- Boundary markers: No specific boundary markers are used when presenting retrieved memory content to the agent context.\n
- Capability inventory: The skill possesses capabilities for shell command execution, filesystem writes, and network operations.\n
- Sanitization: Employs parameterized SQL statements throughout the turso.py and memory.py modules to protect against SQL injection.- [DYNAMIC_EXECUTION]: Uses importlib to dynamically load the configuring skill for environment management and generates executable .py files from database-stored strings within the utility system.
Audit Metadata