audit-memory
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFE (DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [DATA_EXFILTRATION]: The skill accesses configuration files located in the user's home directory (~/.claude/CLAUDE.md or %USERPROFILE%\.claude\CLAUDE.md). While these files are part of the intended memory management system, accessing paths outside the project workspace constitutes sensitive file access.
- [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection because it reads and processes the content of CLAUDE.md files, which may be provided by untrusted sources (e.g., in an external repository being audited).
  - Ingestion points: The skill reads markdown files across multiple scopes, including root CLAUDE.md, .claude/ memory files, and user-level memory files.
  - Boundary markers: There are no explicit instructions or delimiters defined to isolate the content of these files or to instruct the agent to ignore embedded commands during the audit process.
  - Capability inventory: The skill uses the Bash and Task tools, allowing the agent to execute system commands and perform complex operations that could be influenced by malicious content in the audited files.
  - Sanitization: No validation or sanitization of the markdown content is mentioned before it is parsed for hierarchy compliance and circular imports.
Audit Metadata