Gen Agent Trust Hub audit: memos skill (jmagar/claude-homelab)

Verdict: Warn

Audited by Gen Agent Trust Hub on Apr 5, 2026

Risk Level: MEDIUM
Finding categories: PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [PROMPT_INJECTION]: The SKILL.md file uses forceful language, including '⚠️ MANDATORY SKILL INVOCATION ⚠️' and 'Failure... violates your operational requirements', to override the agent's internal logic and force the use of the skill.
  • [COMMAND_EXECUTION]: The resource-api.sh script includes a download command that allows the agent to write files to arbitrary local paths via the --output parameter. This could be exploited to overwrite sensitive configuration files or install persistence mechanisms if the agent is manipulated by malicious input.
  • [DATA_EXFILTRATION]: The resource-api.sh script provides an upload function that can send any local file to the configured remote Memos server, providing a mechanism for exfiltrating sensitive data if the agent is directed to upload files like ~/.ssh/id_rsa or .env files.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes and returns content from an external service (Memos API) to the agent, creating a surface for indirect instructions to influence agent behavior.
      ◦ Ingestion points: Memo content retrieved via memo-api.sh, search-api.sh, and tag-api.sh.
      ◦ Boundary markers: Absent; no delimiters or instructions to ignore embedded commands are used when presenting memo content to the agent.
      ◦ Capability inventory: The skill possesses file read/write capabilities via resource-api.sh, memo deletion via memo-api.sh, and general network access via curl.
      ◦ Sanitization: Absent; the retrieved content is passed directly to the agent's context without filtering or escaping.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Apr 5, 2026, 04:03 PM