supermemory-save
Warn
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a Node.js script using the Bash tool:
node "${CLAUDE_PLUGIN_ROOT}/scripts/save-project-memory.cjs" "FORMATTED_CONTENT". This constitutes dynamic command generation where content is interpolated into a shell string at runtime. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection that can lead to command injection. The
FORMATTED_CONTENTvariable is constructed based on user-provided data from the conversation. An attacker could provide input containing shell metacharacters (e.g., backticks, semicolons, or command substitutions) to terminate the intended command and execute arbitrary code on the host system. - Ingestion points: User conversation content and project details analyzed in Step 1 and formatted in Step 2 of SKILL.md.
- Boundary markers: Absent. While the content is wrapped in double quotes in the shell command, there are no instructions or delimiters provided to the agent to escape characters that could break out of those quotes.
- Capability inventory: The skill uses the
Bashtool to execute Node.js scripts, providing a pathway to system-level execution. - Sanitization: Absent. The instructions do not specify any validation, escaping, or sanitization of the user-influenced content before it is passed to the shell.
Audit Metadata