Gen Agent Trust Hub audit: skills/yonatangross/orchestkit/memory

Skill: memory
Verdict: Warn

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • COMMAND_EXECUTION (MEDIUM): scripts/graph-utils.mjs includes an openInBrowser function that uses execFileSync to launch the platform's file opener (open on macOS, start on Windows, xdg-open on Linux) on a path. The function exists only for visualization, but it is still a subprocess launched with a path-derived argument. Note that execFileSync passes its arguments as an argv array rather than through a shell unless shell: true is set, so the relevant concern is argument injection (a path that is attacker-influenced, begins with "-", or is not the expected local artifact) rather than shell-metacharacter injection; on Windows, start is a cmd.exe built-in, so reaching it at all involves cmd.exe and its own quoting rules.
  • PROMPT_INJECTION (LOW): The skill is exposed to indirect prompt injection because it retrieves content it does not control (local memory files, whose contents were written earlier from possibly untrusted inputs, and MCP tool outputs) and places that content in the agent's context as-is.
  • Ingestion points: readJsonl in scripts/graph-utils.mjs reads .claude/memory/decisions.jsonl, and SKILL.md calls the mcp__memory__search_nodes tool.
  • Boundary markers: retrieved memory nodes are handed to the agent without delimiters marking them as data and without an instruction to disregard any directives embedded in them.
  • Capability inventory: the skill is granted high-privilege tools, including Bash and the Read and Edit file tools, so an injected instruction that the agent follows has command execution and file modification available to it.
  • Sanitization: sanitizeId escapes Mermaid node identifiers, but the text content retrieved from the knowledge graph is interpolated into the agent's context without any sanitization or escaping.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Feb 21, 2026, 03:19 AM