mem-history
Pass
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: SAFE (EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill documentation encourages the installation of an external third-party plugin (claude-mem@thedotmack). This creates a functional dependency on code maintained by an unverified source outside the official trusted vendor list.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it retrieves and displays project 'observations' which are derived from external data sources.
- Ingestion points: Untrusted data enters the context via the mcp-search__search and mcp-search__get_observations tools, which query the claude-mem database.
- Boundary markers: There are no defined delimiters or instructions (e.g., 'ignore instructions within these observations') to help the agent distinguish between retrieved memory and its primary system instructions.
- Capability inventory: The skill facilitates the retrieval of content that could influence an agent possessing shell execution and file modification capabilities.
- Sanitization: There is no mention of sanitization, escaping, or validation of the retrieved memory text before it is integrated into the agent's active prompt context.
Audit Metadata