Skills
skills/cloudvoyant/codevoyant/mem-find/Gen Agent Trust Hub

mem-find

Fail

Audited by Gen Agent Trust Hub on Mar 20, 2026

Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill constructs a shell command by interpolating user-provided inputs for <type> and <tag> into the npx @codevoyant/agent-kit mem find command. A malicious user could provide input containing shell meta-characters (e.g., ;, &, |, or backticks) to execute arbitrary commands on the host system.
  • [EXTERNAL_DOWNLOADS]: The skill uses the npx command to download and run the @codevoyant/agent-kit package directly from the npm registry during execution.
  • [REMOTE_CODE_EXECUTION]: By combining the execution of remote code via npx with unsanitized shell interpolation of user input, the skill presents a significant risk of arbitrary code execution.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 20, 2026, 11:51 PM