Skills
skills/maimemo/memo-skills/memo-api/Gen Agent Trust Hub

memo-api

Pass

Audited by Gen Agent Trust Hub on Mar 26, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes the curl tool to perform authenticated HTTP requests to the MaiMemo Open API. These operations are essential for the skill's functionality and are restricted to the official API domain.
  • [EXTERNAL_DOWNLOADS]: Content such as vocabulary definitions, study records, and mnemonic notes are retrieved from https://open.maimemo.com. This represents expected data fetching from the service provider's infrastructure.
  • [DATA_EXFILTRATION]: User-generated content (including custom interpretations and phrases) is transmitted to the MaiMemo API. This behavior is consistent with the skill's purpose of managing cloud-synced educational data and relies on a user-provided MAIMEMO_TOKEN for authorization.
  • [PROMPT_INJECTION]: As the skill ingests external text data like notes and definitions from an API, it possesses an attack surface for indirect prompt injection. However, this risk is limited as the data typically originates from the user's own account or curated educational databases.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 26, 2026, 07:30 AM