memory-tool
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFE
Full Analysis
- [DATA_EXPOSURE]: The skill provides implementation code for reading and writing data to a local file system directory. While this involves sensitive operations, the provided code explicitly includes path validation and sandboxing logic (
path.resolveand root checks) to prevent directory traversal attacks. - [COMMAND_EXECUTION]: The backend implementation utilizes standard filesystem operations (mkdir, readFile, writeFile, rm, rename) to manage the memory directory. This is the primary intended functionality of the skill and is documented with associated security controls like audit logging and size limits.
- [PROMPT_INJECTION]: The skill documents an indirect prompt injection surface where the agent processes instructions stored in its own persistent memory. The author addresses this by explicitly advising against executing any content stored in memory files, noting they can be indirectly influenced by untrusted external data.
Audit Metadata