llmem-setup
Pass
Audited by Gen Agent Trust Hub on May 12, 2026
Risk Level: SAFE
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructs the agent to download and execute setup scripts directly from the vendor's GitHub repository and from Ollama, a well-known service for local LLMs.
- [COMMAND_EXECUTION]: Employs shell commands for dependency installation (npm and pip) and uses systemd user timers to establish persistence for a background maintenance task named 'dream'.
- [EXTERNAL_DOWNLOADS]: Fetches software components and machine learning models from external sources including GitHub and Ollama's model registry.
- [PROMPT_INJECTION]: This skill introduces a surface for indirect prompt injection via its memory integration instructions.
  - Ingestion points: Memories are retrieved from the local database and injected into the agent's context through AGENTS.md or rules.md instructions.
  - Boundary markers: The instructions use markdown headers to separate memory content but do not include explicit instructions to the agent to ignore any commands potentially embedded in the retrieved memory.
  - Capability inventory: The skill environment has capabilities for shell execution, file system modifications, and network access.
  - Sanitization: There is no evidence in the prompt instructions of automated sanitization or filtering of content retrieved from memory before injection.