memos-cloud-developer
Fail
Audited by Snyk on Jun 17, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 0.80). Most links are API/documentation and benign placeholders, but the presence of raw GitHub resource URLs plus an explicit instruction to run scripts/upgrade.py that fetches and writes remote files (a supply‑chain update step) makes this set a moderate-to-high security risk because it could be used to download and execute malicious payloads.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). The required workflow runs
scripts/upgrade.py, which fetches remoteresources/*.md(includingresources/cn/index.md/resources/en/index.md) from GitHub raw at runtime; those outsider-authored markdown files are then read and can be injected into the agent’s LLM context via the skill’s subsequent “read resources” steps.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The included runtime updater script (scripts/upgrade.py) fetches and replaces the skill's resource files from https://raw.githubusercontent.com/MemTensor/MemOS-Cloud-Skill/main/memos-cloud-developer/resources at runtime (version/meta.json and resource files), and those fetched markdown resources directly control the skill's prompts and routing, so this is a remote content dependency that can change agent behavior.
Issues (3)
E005
CRITICALSuspicious download URL detected in skill instructions.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata