memory
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
Full Analysis
- Data Ingestion Management: The skill manages data from external sources like the GitHub CLI and local scripts. To mitigate the risk of indirect prompt injection from these sources, the instructions explicitly require wrapping gathered evidence in
<untrusted_context>tags, creating a clear boundary between external content and the agent's internal logic. - Least Privilege for Sub-agents: The delegation model enforces a read-only restriction for 'worker' agents. Only the primary orchestrator has the authority to update the persistent memory file, preventing unauthorized or conflicting state changes during complex tasks.
- Structured Memory Preservation: The skill uses a local Markdown file (
lessons-learned.md) to maintain a rolling window of tasks and decisions. This design facilitates continuity and session synchronization through standard file operations without requiring elevated privileges or network-based persistence mechanisms.
Audit Metadata