bm-remember

Pass

Audited by Gen Agent Trust Hub on Jun 15, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill accesses local configuration files (.claude/settings.json and .claude/settings.local.json) to retrieve settings for rememberFolder and primaryProject. This is a routine method for managing skill-specific preferences.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it ingests untrusted user input via $ARGUMENTS and persists it verbatim using the write_note tool. This behavior is inherent to its purpose as a note-taking skill.
  • Ingestion points: Untrusted data enters via $ARGUMENTS in SKILL.md.
  • Boundary markers: Absent; the instructions specifically direct the agent to store content verbatim without rewriting or padding.
  • Capability inventory: The skill uses the write_note tool to persist data to the file system or a database.
  • Sanitization: Absent; the skill does not perform escaping or filtering of the captured text.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 15, 2026, 06:20 AM
Security Audit — agent-trust-hub — bm-remember