memories-sdk
Warn
Audited by Snyk on Mar 15, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill fetches runtime context from the Memories API (e.g., baseUrl "https://memories.sh" and its /api/sdk/* endpoints) which is injected into system prompts via memoriesMiddleware/preloadContext, so externally-fetched content can directly control agent prompts.
Issues (1)
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata