Skills
skills/databricks/app-templates/agent-memory/Gen Agent Trust Hub

agent-memory

Pass

Audited by Gen Agent Trust Hub on May 6, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill implements a persistent memory system which introduces a surface for indirect prompt injection. Malicious instructions could potentially be stored in the memory and later retrieved during a conversation.
  • Ingestion points: Data is retrieved from the Lakebase store via the get_user_memory tool in examples/memory_tools.py.
  • Boundary markers: The tools do not implement specific delimiters or instructions to ignore embedded commands within the retrieved memory content.
  • Capability inventory: The skill provides tools for reading (get_user_memory), writing (save_user_memory), and deleting (delete_user_memory) persistent data.
  • Sanitization: The save_user_memory tool performs JSON structure validation to ensure inputs are dictionary objects, but it does not sanitize content for natural language instructions.
  • [COMMAND_EXECUTION]: The documentation provides shell commands for initializing database tables and testing the agent's memory tools locally using curl, python, and databricks auth token. These are intended for developer use during the integration process.
  • [EXTERNAL_DOWNLOADS]: The skill requires the databricks-langchain package and references template code hosted on Databricks' official GitHub organization. These are vendor-owned resources.
Audit Metadata
Risk Level
SAFE
Analyzed
May 6, 2026, 08:44 PM