memory-management
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill frequently invokes npx @claude-flow/cli. This command downloads the package from the npm registry and executes it at runtime. The package @claude-flow/cli does not originate from a trusted organization or repository as defined in the security guidelines.
- COMMAND_EXECUTION (MEDIUM): The skill uses shell scripts (memory-backup.sh and memory-consolidate.sh) to execute system commands and the external CLI. This involves running executable logic outside of the core agent environment.
- PROMPT_INJECTION (LOW): (Category 8 - Indirect Prompt Injection) The memory management system provides a surface for indirect prompt injection attacks.
  - Ingestion points: Untrusted data enters the agent context via the memory store command in SKILL.md.
  - Boundary markers: There are no specified delimiters or instructions to the agent to ignore embedded commands within the retrieved memory.
  - Capability inventory: The skill possesses the ability to retrieve and display stored content to the agent via the memory search and memory get commands.
  - Sanitization: No evidence of sanitization, filtering, or validation is present for the data being stored in or retrieved from the memory namespaces.
Audit Metadata