hierarchical-agent-memory
Fail
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: HIGH (DATA_EXFILTRATION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [DATA_EXFILTRATION]: The skill documentation explicitly states that the dashboard feature reads session data from `~/.claude/projects/`. This directory contains sensitive information including past conversation history, system prompts, and project-specific context. Accessing these paths constitutes a high-risk data exposure. Additionally, the skill launches a web dashboard on `localhost:7777`, creating a potential network pathway for the accessed sensitive data.
- [COMMAND_EXECUTION]: The skill defines several commands such as `go ham` and `ham dashboard` that perform file system operations and process management. The `go ham` command performs automated project platform detection and recursive directory analysis to generate configuration files throughout the project structure.
- [EXTERNAL_DOWNLOADS]: The skill is sourced from an untrusted repository (`github.com/kromahlusenii-ops/ham`) which is not associated with any trusted organizations or well-known services. It requires an external Node.js environment to execute its dashboard functionality.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from existing session history files.
  - Ingestion points: Reads session JSONL files from `~/.claude/projects/` (documented in SKILL.md).
  - Boundary markers: None identified in the provided description to separate historical session content from current instructions.
  - Capability inventory: Performs file system writes (creating `CLAUDE.md` files) and network operations (launching a local web server).
  - Sanitization: No evidence of sanitization or validation of the ingested session data before processing or display.
Recommendations
- AI detected serious security threats
Audit Metadata