memory-research

Pass

Audited by Gen Agent Trust Hub on Jun 12, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection attack surface because it is designed to ingest and process data from external websites and user-provided URLs.
  • Ingestion points: Web search results gathered in Step 1 and content from user-provided URLs used as triggers.
  • Boundary markers: The skill instructions do not specify the use of delimiters or 'ignore embedded instructions' warnings when processing fetched content.
  • Capability inventory: The skill utilizes search_notes, write_note, and edit_note to read from and write to the local knowledge base (SKILL.md).
  • Sanitization: There is no explicit requirement for the agent to sanitize, escape, or validate the content fetched from the web before summarizing it or storing it in a note.
  • [COMMAND_EXECUTION]: The skill invokes specific tools to perform file-based operations in the local environment for its intended purpose.
  • Evidence: Invocations of search_notes, write_note, and edit_note are used to manage the lifecycle of 'Basic Memory' entities across different directories like 'organizations', 'people', and 'concepts'.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 12, 2026, 09:14 PM
Security Audit — agent-trust-hub — memory-research