mem
Pass
Audited by Gen Agent Trust Hub on Mar 22, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a local storage solution for agent 'memories' using a SQLite database located at `~/.mem/mem.db`. Technical analysis confirms that all data handling is local, with no network-facing code, unauthorized data exfiltration, or hardcoded credentials detected.
- [EXTERNAL_DOWNLOADS]: The skill uses `date-fns` and `nanoid` from the official NPM registry. These are well-known, versioned libraries used for standard date formatting and ID generation. No unverifiable remote scripts or automated downloads from untrusted sources are present.
- [COMMAND_EXECUTION]: The CLI tool manages a local database but does not utilize `exec()`, `eval()`, or `subprocess` calls to run arbitrary shell commands. It uses the `bun:sqlite` library with prepared statements for all database interactions, preventing SQL injection.
- [DATA_EXFILTRATION]: No network capabilities (such as `fetch`, `curl`, or HTTP requests) are present in the source code. Local file access is limited to reading user-specified images for storage and writing exported images to a user-defined directory.
- [PROMPT_INJECTION]: The skill stores untrusted data (user notes or stdin) which are later retrieved into the agent's context. While this creates an attack surface for indirect prompt injection:
  - Ingestion points: Data enters via `stdin` or command-line arguments in `src/cli.ts`.
  - Boundary markers: None are present in the stored data.
  - Capability inventory: The skill only performs local file read/write and SQLite operations; it cannot execute shell commands or access the internet.
  - Sanitization: All inputs are handled using prepared SQL statements to prevent injection into the database engine.

  Given the limited capabilities of the skill, this risk is considered low.
Audit Metadata