forget
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local Python script to retrieve session statistics for the 'undo' feature.
- Evidence: The skill constructs a path using environment variables (e.g.,
CLAUDE_PLUGIN_ROOT) and executespython3 "$SCRIPT_DIR/session_stats.py" peek. - Context: This is a local administrative operation intended to track recent memory IDs for the session, allowing the user to undo recent additions.
- [SAFE]: The skill implements a safety-first approach to data management by requiring explicit user confirmation before any memory is deleted.
- Evidence: 'Never delete without confirmation. This is destructive.' instructions in
SKILL.md. - [INDIRECT_PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it retrieves and displays stored memories which could contain malicious content.
- Ingestion points: Memory content is fetched via
get_memoryandsearch_memoriesinSKILL.md. - Boundary markers: There are no explicit delimiters used when displaying memory content to the user.
- Capability inventory: The skill can perform deletions and execute local scripts.
- Sanitization: No specific sanitization of retrieved memory content is mentioned before it is displayed in the agent's context.
Audit Metadata