memory-system

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFE
[PROMPT_INJECTION]
Full Analysis
  • [PROMPT_INJECTION]: The skill describes a memory retrieval and injection pipeline that is susceptible to indirect prompt injection.
  • Ingestion points: Observations are submitted via the joelclaw send command based on patterns learned during agent sessions (Section 8).
  • Boundary markers: The skill defines 'write gates' in Section 1 and filtering rules in Section 8 designed to discard instruction artifacts and tool traces, which provides a layer of defense against obedience to embedded instructions.
  • Capability inventory: The system uses joelclaw recall to fetch data and joelclaw send to commit data to a persistent Typesense backend.
  • Sanitization: There are explicit guidelines to skip 'instruction artifacts' and 'tool traces' during the observation phase, though the system remains vulnerable to instructions embedded in otherwise valid observations.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 18, 2026, 12:38 PM
Security Audit — agent-trust-hub — memory-system