project-memory
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious patterns or security risks were identified. The skill follows best practices for repository documentation management, including explicit instructions to keep sensitive data out of documentation files.
- [PROMPT_INJECTION]: The skill processes untrusted repository data (docs, manifests, file lists) which presents a surface for indirect prompt injection. This is addressed through instructions that prioritize human-readable summaries and require explicit user approval for any modifications to the root instructions file.
  - Ingestion points: Reads root `AGENTS.md`, files within `docs/`, package manifests, and repository file structure via `rg --files`.
  - Boundary markers: Snippet integration uses `<!-- BEGIN/END ... -->` markers to maintain clear separation of methodology content.
  - Capability inventory: File creation and updates for documentation in `docs/` and instruction updates in `AGENTS.md`.
  - Sanitization: The workflow mandates providing semantic summaries and diffs for user review before any persistent changes are made, particularly to the agent's core instruction file.
Audit Metadata