iwe-memory-system

Pass

Audited by Gen Agent Trust Hub on Apr 6, 2026

Risk Level: SAFE, PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface. It directs the agent to ingest and analyze untrusted data from markdown notes in the local workspace, while providing the agent with tools to modify the environment.
      • Ingestion points: Notes are retrieved and explored using iwe find, iwe retrieve, and iwe tree (documented in SKILL.md and references/read-and-navigate.md).
      • Boundary markers: No explicit delimiters or instruction-ignoring warnings are used when the agent processes the content of these notes.
      • Capability inventory: The agent can use iwe new, iwe rename, iwe delete, iwe extract, and iwe inline to create, modify, or remove files in the local filesystem (documented in references/write-and-refactor.md).
      • Sanitization: No explicit sanitization or validation of the note content is performed before the agent acts upon it.
  • [COMMAND_EXECUTION]: The skill relies on executing the iwe command-line interface to perform its primary functions. This includes project discovery, structural refactoring, and data analysis through shell commands and pipes.
      • Usage examples: The skill provides numerous examples of CLI usage, such as iwe find, iwe retrieve, and analytical chains like iwe stats -f csv | tail -n +2 | sort -t, -k12 -nr | head -5.
      • Guardrails: For high-impact commands like iwe delete and iwe normalize, the skill correctly advises the use of --dry-run and explicit user intent to mitigate the risk of unintended modifications.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 6, 2026, 12:21 PM