project-memory
Fail
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: HIGH
Categories: DATA_EXFILTRATION, COMMAND_EXECUTION
Full Analysis
- [DATA_EXFILTRATION]: Accesses sensitive application state and private data in the home directory. The skill specifically targets session histories, memory files, and configurations from multiple AI tools stored in paths such as `~/.claude/`, `~/.codex/`, and `~/.gemini/`.
- [COMMAND_EXECUTION]: Runs a local discovery script (`scripts/scan_agent_state.py`) that lists all dot-directories in the home folder using `ls -d ~/.[a-z]*`. This lets the agent identify and inspect metadata for any installed application on the system that keeps a hidden configuration directory, not only the AI tools it names.
- [DATA_EXFILTRATION]: Reads and consolidates conversation transcripts (e.g., `history.jsonl`, `.aider.chat.history.md`) from previous AI sessions. These files may contain sensitive project details, PII, or credentials inadvertently shared in prior interactions.
- [COMMAND_EXECUTION]: Uses the shell to count file lines (`wc -l`) and to run `git log`/`git diff` across the project directory. This is part of the skill's core logic, but it widens the set of commands the skill can execute.
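The two finding classes above can be reproduced with a simple pre-install static check over a skill's source files. The following is an added example, not Gen Agent Trust Hub's scanner and not code from the project-memory skill: it pattern-matches a skill's source text for reads of other AI tools' state under the home directory and for shell commands that enumerate or inspect the file system, and rolls the findings up into a risk level. The path list, the command patterns, the risk rule and the sample skill source are all assumptions constructed for illustration.

```python
"""Static pre-install check for agent skills (added example, hypothetical).

Flags the two behaviour classes the audit reports:
  DATA_EXFILTRATION  - references to other AI tools' state under $HOME
  COMMAND_EXECUTION  - shell commands that enumerate or inspect the file system
"""
import re
from dataclasses import dataclass

# Paths the audit names as sensitive agent state (assumed list, extend as needed).
SENSITIVE_PATHS = [
    r"~/\.claude/", r"~/\.codex/", r"~/\.gemini/",
    r"history\.jsonl", r"\.aider\.chat\.history\.md",
]

# Shell patterns that broaden the execution surface (assumed list).
COMMAND_PATTERNS = {
    r"ls\s+-d\s+~/\.\[a-z\]\*": "enumerates every hidden dot-directory in $HOME",
    r"\bwc\s+-l\b": "shells out to count file lines",
    r"\bgit\s+(log|diff)\b": "runs git history/diff commands",
}


@dataclass(frozen=True)
class Finding:
    category: str   # "DATA_EXFILTRATION" or "COMMAND_EXECUTION"
    line_no: int
    evidence: str   # the offending source line, stripped
    note: str


def scan_skill_source(text: str) -> list:
    """Return one Finding per (line, pattern) match in a skill's source text."""
    findings = []
    for no, line in enumerate(text.splitlines(), start=1):
        for pat in SENSITIVE_PATHS:
            if re.search(pat, line):
                findings.append(Finding("DATA_EXFILTRATION", no, line.strip(),
                                        f"references sensitive agent state matching {pat!r}"))
        for pat, note in COMMAND_PATTERNS.items():
            if re.search(pat, line):
                findings.append(Finding("COMMAND_EXECUTION", no, line.strip(), note))
    return findings


def risk_level(findings) -> str:
    """Assumed roll-up rule: both classes present -> HIGH, one -> MEDIUM, none -> LOW."""
    cats = {f.category for f in findings}
    if {"DATA_EXFILTRATION", "COMMAND_EXECUTION"} <= cats:
        return "HIGH"
    return "MEDIUM" if cats else "LOW"


# Constructed sample standing in for a discovery script; this is NOT the real
# scripts/scan_agent_state.py, only text with the behaviours the audit describes.
SAMPLE_SKILL_SOURCE = """\
import subprocess, pathlib
home = pathlib.Path.home()
dirs = subprocess.run("ls -d ~/.[a-z]*", shell=True, capture_output=True, text=True)
for f in ["~/.claude/history.jsonl", "~/.codex/sessions.json", "~/.gemini/memory.json"]:
    print(pathlib.Path(f).expanduser().read_text())
lines = subprocess.run("wc -l notes.md", shell=True, capture_output=True)
log = subprocess.run("git log --oneline", shell=True, capture_output=True)
"""


if __name__ == "__main__":
    results = scan_skill_source(SAMPLE_SKILL_SOURCE)
    for f in results:
        print(f"[{f.category}] line {f.line_no}: {f.note}\n    {f.evidence}")
    print("Risk Level:", risk_level(results))
```

The check is deliberately text-based so it can run before anything in the skill is executed; a match on `~/.claude/` in a string literal is a reason to read the surrounding code, not proof of exfiltration, and the absence of matches is not a clean bill of health, since paths can be built at runtime.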
Recommendations
- AI detected serious security threats
Audit Metadata