Skills
skills/xfstudio/skills/agent-memory-mcp/Gen Agent Trust Hub

agent-memory-mcp

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS] (HIGH): The skill instructs the user to clone a repository from an untrusted GitHub account (webzler/agentMemory) that is not within the recognized trust scope.
  • Evidence: git clone https://github.com/webzler/agentMemory.git .agent/skills/agent-memory in SKILL.md.
  • [COMMAND_EXECUTION] (HIGH): The setup and usage instructions involve executing scripts from the downloaded repository, allowing for arbitrary code execution on the host machine.
  • Evidence: npm install, npm run compile, and npm run start-server in SKILL.md.
  • [REMOTE_CODE_EXECUTION] (HIGH): By downloading and running an unverified MCP server, the skill enables remote code execution capabilities where the server logic (not visible in this file) controls the agent's interaction with the system.
  • Evidence: The skill's primary function is to launch an external server that manages project memory.
  • [PROMPT_INJECTION] (HIGH): The skill creates an Indirect Prompt Injection surface (Category 8) by processing untrusted project data and workspace files into the agent's memory bank.
  • Ingestion points: memory_write tool and the target workspace path passed to the server.
  • Boundary markers: Absent in the documentation.
  • Capability inventory: Read/Write access to the workspace via tools; execution via npm scripts.
  • Sanitization: No sanitization or validation of the 'content' or workspace data is mentioned.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 06:16 AM