memory-maintenance
Warn
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: MEDIUM (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION]: The skill instructs the agent to run in the background with no user interaction and tells it to not ask questions and make decisions autonomously. This is a direct attempt to bypass standard human-in-the-loop safety protocols and oversight mechanisms.
- [COMMAND_EXECUTION]: The skill executes shell commands including grep and jq to access and parse local journal files containing sensitive interaction history in the user home directory.
- [PROMPT_INJECTION]: The skill processes distilled content from previous conversations to update state files and entity records without employing boundary markers or sanitization, creating an indirect prompt injection surface.
  1. Ingestion points: Local journal files (~/.config/macrodata/journal/).
  2. Boundary markers: Absent.
  3. Capability inventory: Shell execution, file modification, and index management tools.
  4. Sanitization: Absent.