memory-management
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through its data ingestion pipeline.
- Ingestion points: The agent is instructed to read context from files within the `memory/` directory, including `memory/hot-cache.md`, `memory/glossary.md`, and archived data in `memory/archive/`. If these files are populated with untrusted content (e.g., from a compromised SEO data source), they could contain hidden instructions.
- Boundary markers: There are no explicit instructions to treat content from these files as untrusted or to wrap them in boundary markers (like XML tags) to separate data from system instructions.
- Capability inventory: The skill possesses significant capabilities, including writing to the file system, managing project structure, and coordinating with other skills that may perform network operations (like `rank-tracker` or `seo-content-writer`).
- Sanitization: The instructions lack requirements for sanitizing or validating the content retrieved from the memory files before using it to determine the agent's next actions.
Audit Metadata