repo-memory
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFE, PROMPT_INJECTION
Full Analysis
- [SAFE]: The skill manages repository-local documentation and agent configuration for better context retention. It includes clear instructions and multiple explicit warnings to avoid storing sensitive information like secrets, credentials, tokens, or private data.
- [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection by directing the agent to read and follow context from repository-local files.
  - Ingestion points: The agent is instructed to read memory files from the .ai/memory/ directory and configuration files such as .github/copilot-instructions.md during its initialization (Workflow section in SKILL.md).
  - Boundary markers: Absent; there are no specific instructions to use delimiters or ignore embedded instructions when reading these local context files.
  - Capability inventory: The skill has the capability to write and modify files on the local filesystem, including both the memory notes and project-wide agent instruction files.
  - Sanitization: Absent; the skill does not specify validation or filtering of the content read from the memory directory.
- [SAFE]: All components and templates are hosted locally within the skill directory, with no external network requests, remote code downloads, or dynamic execution patterns detected.
Audit Metadata