dream
Warn
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill performs file deletions using the Bash tool with a command constructed via simple string interpolation: rm '{path}'. This implementation is vulnerable to command injection if a filename contains a single quote (e.g., '; [command]; '). An attacker or malicious process could potentially execute arbitrary code by placing a file with a crafted name into the targeted memory directories.
- [COMMAND_EXECUTION]: The skill automates destructive file operations (rm) across multiple directories, including .claude/agent-memory/ and .claude/projects/. While this is intended for memory maintenance, the automated nature and lack of path validation increase the risk of accidental or malicious data loss.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes untrusted content from various memory files that may have been populated with data from external sources in previous sessions.
  - Ingestion points: The skill uses Glob and Read to process all .md files within the .claude/ memory hierarchy.
  - Boundary markers: None are employed; the skill parses the full body of the files for word-overlap and contradiction detection.
  - Capability inventory: The skill has access to Bash (used for rm), Write (used for updating the MEMORY.md index), and Read/Glob tools.
  - Sanitization: No sanitization, escaping, or path validation is performed on the data extracted from the files before it is used in shell commands.
Audit Metadata