skills/cursor/plugins/recall/Gen Agent Trust Hub

recall

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill accesses local agent transcripts and project metadata (PRs, issues) to reconstruct working context. This behavior is consistent with its stated purpose as a developer utility for summarizing work history and utilizes standard system tools like ls, grep, git, and gh for data retrieval.
  • [PROMPT_INJECTION]: The skill processes historical chat data and external reports, creating an indirect prompt injection surface.
  • Ingestion points: Historical JSONL chat transcripts located in the ~/.cursor/projects/ directory and external project data from source control and issue trackers.
  • Boundary markers: The instructions do not specify explicit delimiters to isolate historical data from the agent's active instructions during ingestion.
  • Capability inventory: The skill instructs the agent to spawn subagents and execute file system and version control commands (ls, grep, git, gh).
  • Sanitization: The skill includes a specific directive to sanitize private context before generating any public output.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 17, 2026, 06:08 PM
Security Audit — agent-trust-hub — recall