mem-remember

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). It runs a non-interactive bulk dump of "all indexed team knowledge" and instructs the agent to print that output verbatim into context, so any secrets or API keys present in the indexed data would be handled and emitted directly.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly runs "npx @codevoyant/agent-kit mem remember" at session start, which fetches and executes a remote npm package at runtime and therefore can directly control prompts or execute code.