mem0-sync
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICAL (COMMAND_EXECUTION, DATA_EXFILTRATION)
Full Analysis
- [COMMAND_EXECUTION] (CRITICAL): The skill is vulnerable to arbitrary shell injection via session-derived variables. Variables like {task_summary} and {decision_content} are wrapped in double quotes in a bash command string, which allows for command substitution (e.g., using $() or backticks).
  - Ingestion points: Session variables {task_summary}, {decision_content}, {pattern_description}, and {best_practice} used in SKILL.md.
  - Boundary markers: None. Variables are directly interpolated into bash execution strings.
  - Capability inventory: Shell execution via '!bash' for local Python scripts in SKILL.md.
  - Sanitization: None. The use of double quotes in the bash command does not prevent subshell execution of malicious payloads contained within the variables.
- [DATA_EXFILTRATION] (HIGH): The skill automatically exfiltrates session data, summaries, and decisions to the Mem0 external service. It accesses sensitive local state files like '.claude/coordination/.decision-sync-state.json' and transmits their contents, which may contain sensitive project information.
Recommendations
- AI detected serious security threats
Audit Metadata