Memory Tools

Pass

Audited by VirusTotal on May 14, 2026.

Findings (1)

The plugin exhibits risky capabilities primarily through its interaction with the `qmd` CLI tool via `child_process.spawn` in `src/qmd.ts`. User-controlled input (e.g., `query` parameters from `memory_search` or `memory_forget`) is passed as arguments to the `qmd` command. While Node.js's `spawn` typically handles arguments as separate strings, this pattern introduces a potential shell injection vulnerability if the `qmd` CLI itself has command injection flaws or if complex input is not properly escaped. Additionally, the `autoInjectInstructions` feature in `src/index.ts` prepends stored memories categorized as 'instruction' to the agent's context, creating a prompt injection surface if a malicious instruction were to be stored by the agent. However, there is no evidence of intentional data exfiltration, backdoor installation, or other clear malicious intent within the plugin's code; the risky behaviors are tied to its stated purpose of local memory management and search.