Skills
skills/jtsang4/efficient-coding/memos/Gen Agent Trust Hub

memos

Warn

Audited by Gen Agent Trust Hub on Apr 11, 2026

Risk Level: MEDIUMDATA_EXFILTRATIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The scripts/memos.ts script allows reading arbitrary local files via the attachment-body subcommand (using the --file flag) and the call subcommand (using the @file body notation). These files can then be uploaded to a remote Memos server, enabling potential exfiltration of sensitive information.
  • [COMMAND_EXECUTION]: The Bun script implements an --output flag for several operations (e.g., latest, recent, search, list-tags, attachment-body), which utilizes Bun.write to save data to any user-specified file path on the local system.
  • [PROMPT_INJECTION]: The skill facilitates an indirect prompt injection surface by retrieving and processing content from an external Memos instance.
  • Ingestion points: Memo content and snippets are ingested in scripts/memos.ts through the latest, recent, search, and list-tags commands.
  • Boundary markers: Absent; memo content is processed without clear delimiters or instructions to ignore embedded commands.
  • Capability inventory: The skill possesses the ability to read and write files and perform network requests via the Memos API.
  • Sanitization: No content validation or sanitization is performed on the retrieved memo data before it is presented to the agent.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 11, 2026, 02:16 PM