inmemoria
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill relies on npx in-memoria, which downloads the package from the npm registry. Neither the package nor its author (pi22by7) are on the list of trusted sources.
- REMOTE_CODE_EXECUTION (MEDIUM): Using npx to execute code represents a remote code execution vector. The package is granted permission to read and analyze local project files to build its intelligence database.
- COMMAND_EXECUTION (LOW): The skill utilizes several CLI commands (setup, learn, check, watch, server) as part of its primary functionality for managing codebase state.
- PROMPT_INJECTION (LOW): The skill processes untrusted codebase data (Category 8: Indirect Prompt Injection surface). Evidence Chain:
  1. Ingestion points: Local files via ./src.
  2. Boundary markers: Absent.
  3. Capability inventory: Filesystem access, network server hosting, and CLI execution.
  4. Sanitization: None mentioned.
  This creates a surface where instructions embedded in processed code could influence agent decisions.
Audit Metadata