agent-memory-mcp

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (HIGH): The skill requires cloning a repository from an untrusted source (https://github.com/webzler/agentMemory.git). This source is not on the trusted list and lacks verification.
  • [COMMAND_EXECUTION] (HIGH): The installation process involves running npm install and npm run compile on the untrusted code, followed by npm run start-server. This provides a path for arbitrary code execution on the host machine.
  • [PROMPT_INJECTION] (HIGH): The skill implements a persistent memory system that is highly vulnerable to Indirect Prompt Injection (Category 8).
    • Ingestion points: Untrusted data enters the agent context through the memory_write tool, which stores strings from any source the agent processes (e.g., external web content).
    • Boundary markers: Absent. There are no instructions or delimiters to prevent the agent from obeying commands stored within the memory content.
    • Capability inventory: The skill has file-write capabilities (syncing with documentation) and persistent storage. Maliciously crafted memories can influence any future agent decision that relies on memory_search or memory_read outputs.
    • Sanitization: Absent. There is no evidence of validation or filtering for executable instructions within stored memories.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 06:16 AM