memory-bank
Pass
Audited by Gen Agent Trust Hub on Jun 12, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill inherently relies on executing Bash and Python scripts to manage project state, run tests, and generate codebase metrics. This behavior is expected and properly scoped for a developer-oriented utility toolkit.
- [EXTERNAL_DOWNLOADS]: The
mb-upgrade.shscript enables self-updates by fetching content from the author's official GitHub repository (github.com/fockus/skill-memory-bank). This is handled via standard Git operations and is documented as a trusted update channel. - [SAFE]: The repository includes a robust security framework, including a built-in safety guard (
hooks/block-dangerous.sh) that monitors and blocks potentially harmful shell commands (e.g., recursive root deletions or fork bombs) initiated by the agent. - [SAFE]: The codebase shows evidence of significant security maturity, containing its own internal security audit reports and completed engineering plans that addressed potential path traversal and manifest poisoning risks in previous versions.
Audit Metadata