memoire-design-tooling
Pass
Audited by Gen Agent Trust Hub on Jul 5, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches and installs the @memi-design/cli utility from the NPM registry.
- [EXTERNAL_DOWNLOADS]: Downloads skill configurations from the author's repository using npx skills add sarveshsea/memi.
- [COMMAND_EXECUTION]: Executes a suite of memi CLI commands to perform interface audits, design-system exports, and project diagnostics.
- [COMMAND_EXECUTION]: The skill configures local agent environments through the memi agent install command for platforms like Claude Code, Cursor, and Hermes.
- [PROMPT_INJECTION]: The skill processes untrusted local data (READMEs, project specs) which serves as an ingestion point for potential indirect prompt injection. 1. Ingestion points: Local project files including AGENTS.md, README files, and the .memoire/ directory. 2. Boundary markers: None identified in the instruction set. 3. Capability inventory: Shell command execution and environment modification via the memi CLI. 4. Sanitization: No explicit content validation steps are defined for the ingested data.
Audit Metadata