mem0-switch-project

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to execute a Python script through a bash command to manage local project mappings. This script performs file I/O operations, including creating directories and writing to the user's home directory at ~/.mem0/project_map.json.
  • [PROMPT_INJECTION]: The skill uses a template where user-provided input (<PROJECT_NAME>) is directly interpolated into a Python code block for shell execution, which presents a risk of indirect injection.
  • Ingestion points: The user-supplied project name argument enters the context through the manual override command (SKILL.md).
  • Boundary markers: None present to delimit user input from the executable script content.
  • Capability inventory: The skill uses the bash tool to run Python commands with full file system access to the vendor's configuration directory (SKILL.md).
  • Sanitization: There are no instructions for the agent to sanitize or escape the project name before inserting it into the Python string literal, which could lead to command injection if a malicious string is provided.
Audit Metadata
Risk Level
SAFE
Analyzed
May 20, 2026, 08:32 PM
Security Audit — agent-trust-hub — mem0-switch-project