managing-memories
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The memory management process ingests data from user conversations to create persistent memories, creating a surface for indirect prompt injection.
  1. Ingestion points: User conversation history, preferences, and behavior corrections (SKILL.md).
  2. Boundary markers: The prompt template in references/memory-recall-prompt.md uses specific operational rules and JSON output constraints to delimit memory selection.
  3. Capability inventory: The skill can read and write markdown files in the .agent/memories/ directory using scripts/memory-index.sh.
  4. Sanitization: The scripts/scan-secrets.sh tool performs regex-based scanning for 36 types of credentials before persistence.
- [COMMAND_EXECUTION]: The skill provides scripts/memory-index.sh and scripts/scan-secrets.sh for directory management and security scanning. These scripts use standard POSIX utilities and do not involve remote code execution or privilege escalation.
- [SAFE]: The skill incorporates proactive security measures, including automated credential scanning and a 'Never save' policy for sensitive data like private keys and git history, demonstrating best practices for local state management.