host-memory-router

Pass

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: SAFE
Finding categories: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/write-host-memory.mjs generates and writes instructions, including npx installation commands, into host-specific configuration files.
  • [COMMAND_EXECUTION]: The skill modifies persistent configuration files within the project directory and the user's home directory (e.g., ~/.claude/CLAUDE.md, ~/.codex/AGENTS.md) to define agent routing behavior.
  • [EXTERNAL_DOWNLOADS]: The skill references the vendor's GitHub repository (https://github.com/unbrowse-ai/unbrowse) to provide installation sources for additional skills.
  • [DATA_EXFILTRATION]: The script interacts with sensitive agent configuration paths in the user's home directory (e.g., ~/.claude/CLAUDE.md) to perform block-level updates.
  • [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection because it reads external JSON preset files and interpolates their contents into core agent instructions.
  • Ingestion points: scripts/write-host-memory.mjs reads data from a JSON file provided via the --preset command-line argument.
  • Boundary markers: Output is wrapped in <!-- HOST_MEMORY_ROUTER:BEGIN --> markers used for internal block management; no agent-facing boundary instructions are present to reduce the chance that instructions embedded in the preset data are obeyed.
  • Capability inventory: The script uses writeFileSync in scripts/write-host-memory.mjs to modify persistent agent configuration files.
  • Sanitization: JSON values (title, repo, routes) are interpolated directly into the generated markdown without sanitization or escaping.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 3, 2026, 12:39 PM