managed-memory
Pass
Audited by Gen Agent Trust Hub on Jun 29, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXFILTRATION]: The skill interacts with Databricks Unity Catalog REST APIs at the workspace host provided by the user. These operations are the primary function of the skill—enabling durable memory storage—and are authorized using standard Databricks authentication patterns (OBO tokens and Service Principals).
- [COMMAND_EXECUTION]: Manual setup steps involving the
databricksCLI andcurlare provided for the developer. These commands are used to initialize infrastructure and configure Unity Catalog permissions for the agent's identity. - [PROMPT_INJECTION]: The skill presents a potential surface for indirect prompt injection as the agent reads memory contents from an external store. It addresses this by implementing strict isolation boundaries (scope), ensuring the agent only accesses memories associated with the verified end-user.
- Ingestion points: Memories are retrieved via the
get_memorytool inagent_server/utils_memory.py. - Boundary markers: None explicitly implemented for memory content in the prompt.
- Capability inventory: The skill includes
save_memory,update_memory, anddelete_memorytools. - Sanitization: Content is retrieved directly from the memory store without additional filtering.
Audit Metadata