uninstall-memo-flow

Fail

Audited by Gen Agent Trust Hub on May 23, 2026

Risk Level: HIGH
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The modules/user-registry.sh and modules/manifest.sh scripts use python3 -c to execute Python code with shell variables interpolated directly into the script string. This creates a vulnerability where arbitrary Python code can be executed if a user provides a maliciously crafted project path or if the scripts are run in a directory with a name designed to escape the Python string literal.
  • [REMOTE_CODE_EXECUTION]: The injection vulnerability in the Python processing logic allows for code execution triggered by environment-based inputs (such as the current directory path). This poses a high risk when the uninstaller is executed within an untrusted repository.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection via the .claude/memo-flow/manifest.json file. The uninstaller follows instructions in this file to delete files or modify settings without validating the paths, enabling path traversal attacks.
      • Ingestion points: .claude/memo-flow/manifest.json (read by uninstall-memo-flow.sh).
      • Capability inventory: Deletion of files (rm -f), modification of .gitignore, and editing of .claude/settings.json.
      • Sanitization: None. The script does not validate that target paths in the manifest are restricted to the project directory, allowing for the deletion of arbitrary files (e.g., ../../.ssh/id_rsa) if specified in the manifest.
      • Boundary markers: Absent.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: May 23, 2026, 08:51 PM
Security Audit — agent-trust-hub — uninstall-memo-flow