memory

Warn

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: MEDIUM (PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
  • [PROMPT_INJECTION]: The skill identifies an indirect prompt injection surface where data from a project memory file is ingested into the agent context without safeguards.
    • Ingestion points: The skill reads from .claude/memories/project_memory.json (or .memories/project_memory.json) to load persistent context.
    • Boundary markers: Absent. The instructions in SKILL.md command the agent to 'apply memories silently' and 'incorporate remembered preferences... without announcing them', providing no separation between system instructions and untrusted memory data.
    • Capability inventory: The skill utilizes Read and Write tools to interact with the file system and relies on the scripts/manage-memory.py utility for record management.
    • Sanitization: Absent. There is no evidence of validation or escaping for the content loaded from the JSON memory file before it influences agent behavior.
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of an external plugin from an unverified third-party author.
    • Evidence: SKILL.md lists the Claude Never Forgets plugin (/plugin install yldrmahmet/claude-never-forgets) as a prerequisite. This directs the user to install code from an unverified repository.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 30, 2026, 05:09 PM