bm-remember
Pass
Audited by Gen Agent Trust Hub on Jun 15, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill accesses local configuration files (
.claude/settings.jsonand.claude/settings.local.json) to retrieve settings forrememberFolderandprimaryProject. This is a routine method for managing skill-specific preferences. - [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it ingests untrusted user input via
$ARGUMENTSand persists it verbatim using thewrite_notetool. This behavior is inherent to its purpose as a note-taking skill. - Ingestion points: Untrusted data enters via
$ARGUMENTSinSKILL.md. - Boundary markers: Absent; the instructions specifically direct the agent to store content verbatim without rewriting or padding.
- Capability inventory: The skill uses the
write_notetool to persist data to the file system or a database. - Sanitization: Absent; the skill does not perform escaping or filtering of the captured text.
Audit Metadata