memory-management

Pass

Audited by Gen Agent Trust Hub on Jul 7, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill consists of instructional markdown files and templates. It does not include any executable code, shell scripts, or external software dependencies.
  • [DATA_EXFILTRATION]: File access is restricted to a local memory/ directory within the user's project. The skill does not attempt to access sensitive system files (e.g., credentials, SSH keys) or initiate network connections to non-whitelisted domains.
  • [PROMPT_INJECTION]: The instructions are focused on data lifecycle management and project organization. No patterns for overriding agent behavior, bypassing safety filters, or extracting system prompts were detected. The skill proactively addresses the risk of indirect prompt injection from stored data by implementing a 'decision provenance' system (v8.0.1+) that treats non-user-approved data as advisory.
  • Ingestion points: The skill reads from and writes to the memory/ directory, which may contain data processed in previous sessions.
  • Boundary markers: Data is structured using Markdown headers and tables.
  • Capability inventory: The skill uses standard agent file tools for reading, writing, and searching (grep) local project files.
  • Sanitization: The documentation explicitly references the use of sanitized excerpts when loading memory into the session context via hooks.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 7, 2026, 10:02 AM
Security Audit — agent-trust-hub — memory-management