mem-init
Fail
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Modifies the '.claude/settings.json' configuration file to add a 'UserPromptSubmit' hook. This hook triggers a shell command automatically on every interaction with the agent, creating a persistent execution channel within the development environment.
- [EXTERNAL_DOWNLOADS]: Fetches and executes the '@codevoyant/agent-kit' package from the npm registry via 'npx'. The package name appears to be a one-character substitution of the author's name ('cloudvoyant' altered to 'codevoyant'), a pattern commonly associated with typosquatting and malicious impersonation.
- [REMOTE_CODE_EXECUTION]: Implements a mechanism for continuous remote code execution by hooking the agent's interaction lifecycle to an unverified external npm package.
- [PROMPT_INJECTION]: Establishes an indirect prompt injection surface through its automated knowledge loading feature.
  - Ingestion points: 'CLAUDE.md' and 'AGENTS.md' are configured to load external data into the agent's context using shell commands.
  - Boundary markers: Absent; no delimiters or instructions are provided to the agent to prevent it from following commands embedded in the loaded content.
  - Capability inventory: The skill has the capability to write local files and configure environment hooks for arbitrary command execution.
  - Sanitization: No sanitization or validation of the loaded knowledge content is performed before it enters the session context.
Recommendations
- AI detected serious security threats