hindsight-self-hosted
Fail
Audited by Gen Agent Trust Hub on Mar 17, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill includes an installation command `curl -fsSL https://hindsight.vectorize.io/get-cli | bash` to set up the Hindsight CLI. While executing remote scripts is a high-risk pattern, this resource is hosted on the vendor's official domain and is an expected part of the setup process for this specific tool.
- [COMMAND_EXECUTION]: The skill uses local shell commands to create configuration files (`mkdir`, `cat`), set file permissions (`chmod`), and interact with the `hindsight` CLI to store and retrieve data.
- [PROMPT_INJECTION]: The skill processes shared team data, creating an indirect prompt injection surface (Category 8).
  - Ingestion points: Data is pulled into the agent's context via `hindsight memory recall` and `hindsight memory reflect` as defined in SKILL.md.
  - Boundary markers: The instructions do not define clear separators or warnings to prevent the agent from following instructions potentially embedded in the retrieved memory text.
  - Capability inventory: The skill has the ability to execute CLI commands and modify local configuration files as seen in SKILL.md.
  - Sanitization: There is no evidence of content filtering or sanitization of the retrieved memories before they are processed by the agent.
Recommendations
- HIGH: Downloads and executes remote code from: https://hindsight.vectorize.io/get-cli - DO NOT USE without thorough review
Audit Metadata