skill-memory

Pass

Audited by Gen Agent Trust Hub on Apr 27, 2026

Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it ingests and processes content from local files, directories, and task artifacts.
      • Ingestion points: Data enters the system through file, directory, and task modes, which read contents from various filesystem paths (documented in SKILL.md).
      • Boundary markers: The system uses Markdown for storage but lacks explicit boundary markers or 'ignore' instructions for the LLM when it later retrieves and processes these memories.
      • Capability inventory: The skill can execute shell commands via Bash, write or modify files, delete files using rm, and perform git commits.
      • Sanitization: There is no mention of content sanitization or filtering to prevent the inclusion of malicious instructions in the memory vault.
  • [COMMAND_EXECUTION]: The skill uses shell commands to perform vault maintenance and search operations.
      • Evidence: SKILL.md defines workflows using grep, wc, bc, ls, git, and rm. The gc sub-mode specifically performs permanent file deletion.
      • Control: The skill includes mandatory interactive requirements, explicitly instructing the agent to use AskUserQuestion and wait for confirmation before any write or delete operations are performed.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 27, 2026, 12:37 AM