
mema-vault

Warn

Audited by Gen Agent Trust Hub on Feb 14, 2026

Risk Level: MEDIUM (NO_CODE, CREDENTIALS_UNSAFE, COMMAND_EXECUTION)
Full Analysis
  • [NO_CODE] (MEDIUM): No executable scripts or logic files were provided for analysis. All security claims regarding AES-256-GCM encryption and data masking are purely documentation-based and cannot be verified for safety or correctness.
  • [CREDENTIALS_UNSAFE] (MEDIUM): The setup instructions in SKILL.md direct the user to store a master key in a .env file. This creates a high-value target for data exposure if the agent environment allows other components to read local files.
  • [COMMAND_EXECUTION] (LOW): The skill requires the use of openssl via shell for key generation. While typical for setup, the lack of code for the 'Rotate' capability prevents verification of how shell commands are constructed, leaving a potential opening for command injection.
  • [DATA_EXFILTRATION] (MEDIUM): The skill is designed to decrypt sensitive secrets. Without source code, it is impossible to verify if the 'Retrieve' or 'Audit' capabilities include hidden exfiltration of these secrets to the Redis backend or external network endpoints.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 14, 2026, 02:12 PM