import
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local Python scripts (
parse_export_file.pyandimport_competing_tools.py) located within the plugin's root directory. These scripts are used to process and parse data from various files. - [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection (Category 8) because it ingests and processes data from external sources that may be attacker-controlled.
- Ingestion points: Processes data from Markdown export files (
mem0-export*.md), third-party AI tool configurations (.cursorrules,.github/copilot-instructions.md,.continue/rules.md), and Claude Code's nativeMEMORY.mdfile. - Boundary markers: No explicit delimiters or instructions are provided to the agent to ignore potentially malicious content within the imported files.
- Capability inventory: The skill possesses the capability to execute shell commands (
ls,grep,python3) and modify the agent's persistent memory via theadd_memorytool call. - Sanitization: There are no sanitization or filtering steps described to validate the content being imported into the memory system, allowing instructions embedded in those files to influence future agent behavior.
Audit Metadata