ai-memory-setup
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE
Tags: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Executes several local Node.js scripts, including .github/scripts/_registry.cjs and bootstrap-heir.cjs, to perform environment discovery and initialize the file structure on the user's cloud drive.
- [DATA_EXFILTRATION]: Implements an auto-discovery algorithm that scans the user's entire HOME directory for specific folder patterns associated with common cloud providers (e.g., OneDrive, iCloud, Dropbox, MEGA). This represents broad file system probing for sensitive storage locations.
- [PROMPT_INJECTION]: Ingests untrusted data from shared cloud folders through 'announcements' and 'knowledge packages' which are reported to the user or used to guide agent tasks, creating an indirect prompt injection surface.
  - Ingestion points: Reads files from the AI-Memory/announcements/ and AI-Memory/knowledge/ directories on the cloud drive (SKILL.md).
  - Boundary markers: None identified; instructions do not require the use of delimiters or 'ignore' instructions for external content.
  - Capability inventory: Performs file-write operations to cloud storage and executes local Node.js scripts (SKILL.md).
  - Sanitization: No input validation or instruction filtering is mentioned for the ingested shared content.
Audit Metadata