model-enhancement-servers
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICALSAFE
Full Analysis
- Indirect Prompt Injection (LOW): The Knowledge Graph Memory server (memory/README.md) enables the agent to store and retrieve observations about the user and entities. This creates a surface for indirect prompt injection where untrusted data processed by the agent could be stored in the graph and later influence the agent's behavior during retrieval.
  - [Ingestion Point]: Data enters via the `create_entities` and `add_observations` tools.
  - [Boundary Markers]: None present in the provided documentation to delimit untrusted data within the graph.
  - [Capability Inventory]: The server performs local file-system writes to `memory.json`.
  - [Sanitization]: No explicit sanitization or validation of the observation content is shown in the provided specification.
- Automated Scan Alert (SAFE): The URLite scanner alert for 'request.params.name' is a confirmed false positive. The scanner misinterpreted a standard property access in the MCP SDK (sequentialthinking/index.ts) as a phishing URL.
- Data Exposure (SAFE): While the memory server handles potentially sensitive user information, it stores data locally in a JSON file (`memory.json`) and communicates via `stdio`, avoiding network-based exfiltration risks.
- Persistence (SAFE): The skill intentionally implements persistence as its primary feature (Memory Server), using standard local file storage.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata