hindsight-cloud
Fail
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill documentation includes a command to download and execute a shell script directly from the vendor's domain (
https://hindsight.vectorize.io/get-cli | bash) to install the Hindsight CLI tool.\n- [DATA_EXFILTRATION]: The skill reads and writes a configuration file at~/.hindsight/configcontaining a user-provided API key. It communicates with the vendor's API endpoint (api.hindsight.vectorize.io) to store and retrieve data.\n- [COMMAND_EXECUTION]: The skill executes shell commands to check configuration, create directories, and run thehindsightCLI for memory operations.\n- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by design.\n - Ingestion points: Knowledge retrieved from a shared, team-accessible memory bank via
hindsight memory recallis injected into the agent's context (SKILL.md).\n - Boundary markers: None. Recalled context is provided to the agent without delimiters or instructions to ignore embedded commands.\n
- Capability inventory: The agent has the ability to execute shell commands, read/write local files, and perform network operations via the
hindsightCLI (SKILL.md).\n - Sanitization: No validation or escaping is applied to the data retrieved from the remote memory bank before it is processed by the agent.
Recommendations
- HIGH: Downloads and executes remote code from: https://hindsight.vectorize.io/get-cli - DO NOT USE without thorough review
Audit Metadata