code-memory-router

Pass

Audited by Gen Agent Trust Hub on Apr 15, 2026

Risk Level: SAFE
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill defines several shell commands for search and indexing, including qmd query, qmd search, and python -m mempalace search. These commands are intended to be executed with user-supplied strings, which can be an entry point for command injection if not properly handled by the agent.
  • [EXTERNAL_DOWNLOADS]: The skill documentation recommends the installation of external third-party tools from GitHub repositories (tobil/qmd and mempalace/mempalace) to provide its core search and memory functionality.
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection (Category 8) due to its core function of retrieving and processing external project data.
      • Ingestion points: Data is ingested from codebase search results (QMD) and persistent project memory (MemPalace), as described in SKILL.md and references/tool_selection.md.
      • Boundary markers: The instructions do not provide specific delimiters or instructions to the agent to treat retrieved content as untrusted data.
      • Capability inventory: The skill has the ability to execute shell commands and read project files via the scripts/inspect_embedding_metadata.py helper script.
      • Sanitization: There is no evidence of sanitizing or validating the retrieved content before it is incorporated into the agent's context.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 15, 2026, 09:20 AM