mem0-switch-project
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute a Python script through a bash command to manage local project mappings. This script performs file I/O operations, including creating directories and writing to the user's home directory at
~/.mem0/project_map.json. - [PROMPT_INJECTION]: The skill uses a template where user-provided input (
<PROJECT_NAME>) is directly interpolated into a Python code block for shell execution, which presents a risk of indirect injection. - Ingestion points: The user-supplied project name argument enters the context through the manual override command (SKILL.md).
- Boundary markers: None present to delimit user input from the executable script content.
- Capability inventory: The skill uses the bash tool to run Python commands with full file system access to the vendor's configuration directory (SKILL.md).
- Sanitization: There are no instructions for the agent to sanitize or escape the project name before inserting it into the Python string literal, which could lead to command injection if a malicious string is provided.
Audit Metadata