memfs-search
Pass
Audited by Gen Agent Trust Hub on May 24, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill downloads approximately 2GB of local embedding models from Hugging Face during the setup process. Hugging Face is a well-known and trusted platform for model distribution.
- [COMMAND_EXECUTION]: The provided bash script wraps the
qmdcommand-line tool to perform indexing and searching. It uses standard argument passing and does not appear to contain command injection vulnerabilities. - [DATA_EXFILTRATION]: While the skill accesses the agent's memory directory (
$MEMORY_DIR), this is the primary purpose of the skill. The search operations and embedding generations are performed locally, with no evidence of data being transmitted to external servers. - [SAFE]: The skill uses local resources for AI operations (GGUF models via QMD) which enhances privacy by avoiding external API calls for embeddings.
Audit Metadata