Skills
skills/vm0-ai/vm0-skills/mem0/Gen Agent Trust Hub

mem0

Pass

Audited by Gen Agent Trust Hub on Apr 21, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the curl utility to interact with the Mem0 API and references a zero doctor command for troubleshooting.
  • [DATA_EXFILTRATION]: User content and session identifiers are transmitted to api.mem0.ai to enable memory features. The skill also writes request payloads to /tmp/, which could expose data to other processes on the same system.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection by retrieving and processing external memory data without sanitization or boundary markers.
  • Ingestion points: Memory data enters the agent context through GET /v1/memories/ and POST /v1/memories/search/ endpoints defined in SKILL.md.
  • Boundary markers: Absent; the instructions do not use delimiters or warnings to separate retrieved memories from system prompts.
  • Capability inventory: The skill can execute shell commands via curl and manipulate local files.
  • Sanitization: Absent; content returned from the API is used directly in the agent's logic.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 21, 2026, 12:59 AM