kratos-memory

Pass

Audited by Gen Agent Trust Hub on Apr 3, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the 'kratos-memory' package from the public NPM registry using 'npm install -g' or 'npx'.
  • [COMMAND_EXECUTION]: The agent is instructed to execute various shell commands to manage memory (save, search, ask, status). The instructions explicitly direct the agent to act proactively and skip user permission when saving information, which reduces human oversight of shell operations.
  • [PROMPT_INJECTION]: The use of a persistent memory system introduces a surface for indirect prompt injection. Malicious instructions embedded in stored data (like bug descriptions or architecture notes) could be retrieved in later sessions to override agent behavior.
      • Ingestion points: The 'kratos-memory save' command in SKILL.md accepts natural language text from the user and codebase.
      • Boundary markers: Absent; there are no instructions for the agent to use delimiters or ignore embedded commands when processing retrieved memories.
      • Capability inventory: The skill allows for shell command execution, file path referencing, and data persistence as documented in SKILL.md and api_reference.md.
      • Sanitization: While a 'scan' command is provided to detect secrets and PII, no mechanism is described to sanitize or validate retrieved memories against natural language instruction injection.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 3, 2026, 04:54 AM