reflect-and-remember

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFE
Findings: CREDENTIALS_UNSAFE, PROMPT_INJECTION

Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill instructions direct the agent to store highly sensitive information, including passwords, API keys, and tokens, in a local markdown file located at ~/.claude/projects/<project>/memory/MEMORY.md. Storing credentials in plain text in a predictable filesystem path is a security risk, although the skill attempts to mitigate this by ensuring these files are not committed to version control.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its reliance on shared files for persistent memory.
      ◦ Ingestion points: The agent is instructed to read .claude/memory/MEMORY.md to check for existing records before writing new ones.
      ◦ Boundary markers: There are no instructions to use delimiters or ignore embedded instructions when reading or updating these files, which are shared among collaborators via Git.
      ◦ Capability inventory: The skill utilizes file read and write capabilities across the project directory and user home directory.
      ◦ Sanitization: The skill lacks mechanisms to sanitize or validate the content of the shared memory file before processing it, meaning malicious instructions committed to the repository by an external actor could influence the agent's behavior.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 29, 2026, 08:53 AM