stats
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local Python script (
session_stats.py) to retrieve session metrics. The script path is determined using standard environment variables such asCLAUDE_PLUGIN_ROOT. - [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests and summarizes memory content retrieved from external API tools (
get_memories,search_memories). - Ingestion points: Output from
get_memoriesandsearch_memoriesMCP tools. - Boundary markers: Absent; memory content is processed directly for grouping and highlights.
- Capability inventory: Local Python execution and file writing to
~/.mem0/. - Sanitization: No explicit sanitization or filtering of memory content before summarization is described.
- [DATA_EXFILTRATION]: The skill writes weekly activity digests and history logs to
~/.mem0/weekly-digest.mdand~/.mem0/digest-history.log. These are local file operations for data persistence and do not involve unauthorized network transmission.
Audit Metadata