engram-memory
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFE
Full Analysis
- [PROMPT_INJECTION]: The skill uses authoritative language (e.g., "ALWAYS ACTIVE", "MANDATORY") to define a memory management protocol. This is functional behavior for the agent's task-specific role and does not constitute an attempt to bypass safety guidelines or extract sensitive system information.
- [PROMPT_INJECTION]: The skill retrieves previously stored data using
mem_searchandmem_get_observation, which creates a surface for indirect prompt injection. This is an inherent risk of persistent memory systems rather than a specific malicious instruction. - Ingestion points: Memory retrieval tools
mem_searchandmem_get_observationreferenced inSKILL.md. - Boundary markers: Absent; the skill does not define specific isolation markers for retrieved content.
- Capability inventory: The agent environment includes tool execution and local system interaction.
- Sanitization: Absent; there is no mention of filtering or validating retrieved memory content.
- [COMMAND_EXECUTION]: The documentation includes a maintenance command
engram setup claude-code. This is a vendor-provided utility for system configuration and does not involve arbitrary command execution. - [DATA_EXFILTRATION]: The protocol captures detailed session information for persistence. This data is handled by internal tools (
mem_save, etc.) intended for local session continuity, without evidence of unauthorized external transfer.
Audit Metadata