caduceus-auto-save
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection by extracting information from untrusted user input and saving it to long-term memory without sanitization.
- Ingestion points: Processes all user messages to detect person-related patterns (SKILL.md).
- Boundary markers: No specific delimiters or "ignore instructions" warnings are defined for the extracted data before storage.
- Capability inventory: Utilizes the
mcp__core-memory__memory_ingesttool to persist information across sessions. - Sanitization: The instructions do not include any steps to validate, escape, or filter the extracted content, which could allow malicious instructions to be stored in memory and affect future interactions.
Audit Metadata