engram-memory

Pass

Audited by Gen Agent Trust Hub on May 16, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill uses authoritative language (e.g., "ALWAYS ACTIVE", "MANDATORY") to define a memory management protocol. This is functional behavior for the agent's task-specific role and does not constitute an attempt to bypass safety guidelines or extract sensitive system information.
  • [PROMPT_INJECTION]: The skill retrieves previously stored data using mem_search and mem_get_observation, which creates a surface for indirect prompt injection. This is an inherent risk of persistent memory systems rather than a specific malicious instruction.
  • Ingestion points: Memory retrieval tools mem_search and mem_get_observation referenced in SKILL.md.
  • Boundary markers: Absent; the skill does not define specific isolation markers for retrieved content.
  • Capability inventory: The agent environment includes tool execution and local system interaction.
  • Sanitization: Absent; there is no mention of filtering or validating retrieved memory content.
  • [COMMAND_EXECUTION]: The documentation includes a maintenance command, "engram setup claude-code". This is a vendor-provided utility for system configuration and does not involve arbitrary command execution.
  • [DATA_EXFILTRATION]: The protocol captures detailed session information for persistence. This data is handled by internal tools (mem_save, etc.) intended for local session continuity, without evidence of unauthorized external transfer.
Audit Metadata
Risk Level: SAFE
Analyzed: May 16, 2026, 02:32 AM
Security Audit — agent-trust-hub — engram-memory