remember
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a local state management system using 'memory.md'. It operates entirely within the filesystem of the current project and does not engage in network communication or external data transmission.
- [PROMPT_INJECTION]: The skill's restoration process ingests data from local files which constitutes a potential surface for indirect prompt injection if project files are compromised.
- Ingestion points: The agent reads 'memory.md', 'CLAUDE.md', and other project context files during the 'restore' command.
- Boundary markers: Absent; the skill reads file content directly into the context without specific delimiters or isolation instructions.
- Capability inventory: File system access (read/write) consistent with a standard developer agent role.
- Sanitization: No explicit data sanitization is performed on the ingested file content; however, the skill includes a mandatory human-in-the-loop verification step where the agent must summarize the restored state and wait for user confirmation before proceeding.
Audit Metadata