ahok-memory
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM (DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- Data Exposure & Exfiltration (LOW): The file `src/core/telemetry.ts` is configured to send system information, including hostname, platform, RAM, and CPU details, to `https://telemetry.spotit.dev`. While this can be disabled via the `OM_TELEMETRY` environment variable, it is enabled by default.
- Indirect Prompt Injection (MEDIUM): The skill is designed to ingest data from untrusted external sources (Category 8).
  - Ingestion points: Data is fetched from external URLs via `src/sources/web_crawler.ts` and from GitHub issue/PR comments via `src/sources/github.ts`.
  - Boundary markers: Analysis of `src/server/routes/vercel.ts` and `src/server/routes/memory.ts` shows that retrieved memories are returned to the agent as formatted strings without clear delimiters or 'ignore instructions' warnings.
  - Capability inventory: The skill has the capability to write to a local or remote database and perform network fetches through various connectors.
  - Sanitization: There is no evidence of content sanitization to strip potential prompt injection attacks from ingested text.
- Obfuscation (LOW): The repository includes dozens of macOS metadata files (e.g., `src/server/routes/._auth.ts`, `src/utils/._text.ts`). These are binary AppleDouble files that contain resource fork data. While usually a result of accidental inclusion during development on macOS, they represent non-human-readable 'junk' code that litters the skill surface.
- Dynamic Execution (LOW): The skill uses dynamic `import()` statements in `src/core/memory.ts` and `src/server/routes/sources.ts` to load connector logic based on user-provided strings. While the paths are restricted to local source files, this pattern should be monitored.
Audit Metadata