memory
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The utility scripts use `execFileSync` to invoke the system's default browser commands (such as `open`, `start`, or `xdg-open`) to display generated HTML visualizations.
- [EXTERNAL_DOWNLOADS]: The interactive playground template references the `vis-network` library from the `unpkg.com` CDN. This is used for rendering the force-directed graph in the browser. A Content Security Policy (CSP) is implemented in the template to restrict network connections and script execution.
- [DATA_EXPOSURE]: The skill accesses project-specific data stored in the `.claude/memory/` directory, including decision logs and graph data. This is necessary for its core purpose of recalling and visualizing session context.
- [INDIRECT_PROMPT_INJECTION]: As the skill retrieves and presents data from past sessions, it handles content that may originate from untrusted sources. The implementation includes an `esc()` function in the HTML templates to escape HTML entities and prevent injection during rendering.
Audit Metadata