dashboard-from-research

Pass

Audited by Gen Agent Trust Hub on Jul 15, 2026

Risk Level: SAFEPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits a vulnerability surface for indirect prompt injection because it is designed to ingest and interpret external research data to drive automated code generation.
  • Ingestion points: Research data is ingested via memi research from-file <path> (Excel/CSV) and memi research from-stickies (FigJam) as described in SKILL.md.
  • Boundary markers: Absent. The skill does not instruct the agent to use delimiters or specifically ignore natural language instructions that might be embedded within the research data files.
  • Capability inventory: The skill possesses the capability to generate React/Tailwind code (memi generate) and launch a local preview server (memi preview), which could be abused if malicious instructions in the research data influence the generated output.
  • Sanitization: There is no mention of sanitization or validation of the input data to ensure it contains only research findings and not executable instructions.
  • [EXTERNAL_DOWNLOADS]: The skill references the author's GitHub repository (https://github.com/sarveshsea/memi) for the underlying toolset. As this resource belongs to the skill's author, it is documented as a standard vendor resource and does not contribute to a high-risk assessment.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 15, 2026, 09:48 PM