skills/mem0ai/mem0/import/Gen Agent Trust Hub

import

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes local Python scripts (parse_export_file.py and import_competing_tools.py) located within the plugin's root directory. These scripts are used to process and parse data from various files.
  • [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection (Category 8) because it ingests and processes data from external sources that may be attacker-controlled.
  • Ingestion points: Processes data from Markdown export files (mem0-export*.md), third-party AI tool configurations (.cursorrules, .github/copilot-instructions.md, .continue/rules.md), and Claude Code's native MEMORY.md file.
  • Boundary markers: No explicit delimiters or instructions are provided to the agent to ignore potentially malicious content within the imported files.
  • Capability inventory: The skill possesses the capability to execute shell commands (ls, grep, python3) and modify the agent's persistent memory via the add_memory tool call.
  • Sanitization: There are no sanitization or filtering steps described to validate the content being imported into the memory system, allowing instructions embedded in those files to influence future agent behavior.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 17, 2026, 04:11 PM
Security Audit — agent-trust-hub — import