remember
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The execution block concatenates user-provided input (<ARGS>) directly into a shell command: --content "<ARGS>". This allows an attacker to execute arbitrary commands on the host system by using shell metacharacters such as backticks, dollar-parenthesis, or by closing the double quotes and appending a new command (e.g., "; rm -rf /; #).
- [PROMPT_INJECTION] (LOW): The skill is a vector for indirect prompt injection. Since it stores 'learnings' in a database for future recall, a malicious user or untrusted data source could inject instructions that the agent later retrieves and treats as authoritative guidelines or patterns.
- Ingestion points: User input via the /remember command.
- Boundary markers: Absent; the content is wrapped in quotes but not sanitized for instruction markers.
- Capability inventory: Execution of local Python scripts via shell subprocess.
- Sanitization: None detected in the provided skill definition.
Recommendations
- AI detected serious security threats
Audit Metadata