skills/mem0ai/mem0/mem0-mcp/Gen Agent Trust Hub

mem0-mcp

Pass

Audited by Gen Agent Trust Hub on May 22, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill establishes a workflow for persistent memory, which naturally introduces an attack surface for indirect prompt injection.
  • Ingestion points: Untrusted data enters the agent context through user prompts and activity summaries processed by the add_memory tool as described in SKILL.md.
  • Boundary markers: There are no explicit instructions for using delimiters or negative constraints to prevent the agent from executing instructions found within retrieved memories.
  • Capability inventory: The skill uses add_memory, search_memories, and get_memories tools to manage the lifecycle of project context (SKILL.md).
  • Sanitization: The protocol does not define sanitization or filtering steps for the content being stored or recalled.
  • [EXTERNAL_DOWNLOADS]: The documentation mentions several internal project files, such as scripts/setup_coding_categories.py and on_pre_compact.py. These references appear to describe the skill's operational environment and do not constitute an instruction to download or execute code from untrusted remote sources.
Audit Metadata
Risk Level
SAFE
Analyzed
May 22, 2026, 11:15 AM
Security Audit — agent-trust-hub — mem0-mcp