save-knowledge

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes a local Python script memory-manager.py to perform content normalization, SHA-256 hashing, and metadata preparation before storage.
  • [EXTERNAL_DOWNLOADS]: The skill interacts with external vector database services and memory platforms, including Pinecone, Qdrant, Supermemory, and Graphiti, which are well-known services used for persistent storage.
  • [PROMPT_INJECTION]: The skill exposes a surface for indirect prompt injection: it ingests untrusted text and content from external URLs and stores them in a long-term memory layer used to inform future agent sessions.
      • Ingestion points: Accepts content from the user and external research URLs via the "Content to store" input field.
      • Boundary markers: No specific delimiters or "ignore instructions" markers are used to wrap the stored content.
      • Capability inventory: The skill can read local files in the ~/.claude-marketing/ directory, execute shell commands, and communicate with external vector databases.
      • Sanitization: The skill mentions normalizing content but does not explicitly describe sanitization or filtering to prevent the execution of instructions embedded in the stored data during future retrieval.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 20, 2026, 12:41 AM