mempalace
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the mempalace Python package from a public registry via pip install mempalace. This is a vendor resource for the skill author.
- [COMMAND_EXECUTION]: The skill utilizes shell commands and Python execution patterns to manage memory, including the mempalace CLI tool and direct Python code execution via python -c to query the knowledge graph.
- [DATA_EXFILTRATION]: The skill accesses and processes data from the user's home directory and project folders, including the identity file at ~/.mempalace/identity.txt and conversation histories. While the skill operates locally, it creates an exposure surface for personal and project information.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests verbatim content from external project files and conversation exports. This stored content is later retrieved and placed into the agent's context during searches or session initialization.
- Ingestion points: Untrusted data enters via the mempalace mine command described in SKILL.md.
- Boundary markers: No explicit delimiters or instructions are specified to prevent the agent from following instructions embedded in the retrieved memory content.
- Capability inventory: The skill allows the execution of CLI commands and Python snippets.
- Sanitization: No sanitization or validation of the content being 'mined' or 'searched' is implemented.
Audit Metadata