mem0-onboard
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local script
scripts/setup_coding_categories.pyusing the system Python interpreter to configure the environment. It also provides a command to initialize the agent using themem0-clitool. - [EXTERNAL_DOWNLOADS]: The wizard recommends installing the
mem0-clipackage from PyPI. This is a legitimate utility provided by the vendor (mem0ai) to facilitate API key management. - [DATA_EXFILTRATION]: The skill reads project configuration files such as
CLAUDE.md,.cursorrules, andAGENTS.mdand transmits their content to the Mem0 service via theadd_memorytool. This behavior is the primary intended function of the onboarding process to provide the agent with project context. - [INDIRECT_PROMPT_INJECTION]: The skill ingests content from external files (
CLAUDE.md, etc.) which could contain malicious instructions. However, the skill uses theinfer=Falseparameter when callingadd_memory, which instructs the service not to interpret the content as new instructions during ingestion, mitigating the risk.
Audit Metadata