mem0-mcp
Pass
Audited by Gen Agent Trust Hub on May 22, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill establishes a workflow for persistent memory, which naturally introduces an attack surface for indirect prompt injection.
- Ingestion points: Untrusted data enters the agent context through user prompts and activity summaries processed by the
add_memorytool as described in SKILL.md. - Boundary markers: There are no explicit instructions for using delimiters or negative constraints to prevent the agent from executing instructions found within retrieved memories.
- Capability inventory: The skill uses
add_memory,search_memories, andget_memoriestools to manage the lifecycle of project context (SKILL.md). - Sanitization: The protocol does not define sanitization or filtering steps for the content being stored or recalled.
- [EXTERNAL_DOWNLOADS]: The documentation mentions several internal project files, such as
scripts/setup_coding_categories.pyandon_pre_compact.py. These references appear to describe the skill's operational environment and do not constitute an instruction to download or execute code from untrusted remote sources.
Audit Metadata