memory-research
Pass
Audited by Gen Agent Trust Hub on Jun 12, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection attack surface because it is designed to ingest and process data from external websites and user-provided URLs.
- Ingestion points: Web search results gathered in Step 1 and content from user-provided URLs used as triggers.
- Boundary markers: The skill instructions do not specify the use of delimiters or 'ignore embedded instructions' warnings when processing fetched content.
- Capability inventory: The skill utilizes
search_notes,write_note, andedit_noteto read from and write to the local knowledge base (SKILL.md). - Sanitization: There is no explicit requirement for the agent to sanitize, escape, or validate the content fetched from the web before summarizing it or storing it in a note.
- [COMMAND_EXECUTION]: The skill invokes specific tools to perform file-based operations in the local environment for its intended purpose.
- Evidence: Invocations of
search_notes,write_note, andedit_noteare used to manage the lifecycle of 'Basic Memory' entities across different directories like 'organizations', 'people', and 'concepts'.
Audit Metadata