supermemory

Fail

Audited by Gen Agent Trust Hub on Mar 21, 2026

Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: A hardcoded SuperMemory API key is explicitly provided in the setup section of the SKILL.md file. Hardcoding credentials in skill files is a high-risk practice as it exposes sensitive access tokens to any user or system reading the file.
  • [COMMAND_EXECUTION]: The shell scripts scripts/add-memory.sh, scripts/chat.sh, and scripts/search.sh construct JSON request bodies by interpolating unescaped shell variables directly into a heredoc block. This pattern allows JSON injection: input containing double quotes or other control characters can alter the structure of the JSON payload sent to the SuperMemory API.
  • [PROMPT_INJECTION]: The skill creates an indirect prompt injection surface by ingesting and displaying data from an external memory store without proper sanitization or boundary enforcement.
    1. Ingestion points: Memory content is retrieved from api.supermemory.ai in the search.sh and chat.sh scripts.
    2. Boundary markers: There are no delimiters or instructions provided to the agent to distinguish between its own system instructions and the untrusted content retrieved from the memory database.
    3. Capability inventory: The skill environment allows for subprocess execution (bash scripts) and network communication (curl).
    4. Sanitization: The retrieved content is printed directly to the standard output without any validation or escaping, allowing malicious instructions stored in memories to influence the agent's subsequent actions.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 21, 2026, 01:00 PM