hindsight-local
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill utilizes
uvx hindsight-embed, which fetches and runs a Python package from PyPI at runtime. The packagehindsight-embedis not from a trusted organization or repository defined in the security framework. - COMMAND_EXECUTION (MEDIUM): Multiple shell commands are executed via
uvxto manage persistent state; if the external package were compromised, it would have full access to the agent's environment. - PROMPT_INJECTION (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8). 1. Ingestion points: Data is stored via
memory retainfrom arbitrary task outcomes and user-provided context. 2. Boundary markers: No delimiters or specific instructions are provided to the agent to treat recalled memories as untrusted data. 3. Capability inventory: The agent has shell access viauvxand other tools. 4. Sanitization: No sanitization or validation of stored memories is performed before they are synthesized by thereflectorrecallcommands.
Audit Metadata