maintaining-memory-md

Pass

Audited by Gen Agent Trust Hub on Jul 6, 2026

Risk Level: SAFENO_CODE
Full Analysis
  • [SAFE]: The skill consists purely of natural language instructions and configuration metadata with no executable code or external dependencies.
  • [SAFE]: The instructions include robust data safety guidelines, explicitly warning the agent never to store credentials, tokens, API keys, or sensitive personal data in the memory file.
  • [INDIRECT_PROMPT_INJECTION]: The skill instructs the agent to read and follow context from a repository-local file (MEMORY.md). This creates a known attack surface where malicious instructions could be placed in the file by external contributors to influence the agent's behavior.
  • Ingestion points: SKILL.md instructs the agent to check for and read MEMORY.md at the start of conversations.
  • Boundary markers: None explicitly defined within the file format instructions.
  • Capability inventory: The agent is granted file read and write capabilities to manage the memory file.
  • Sanitization: No explicit sanitization or validation of the file's content is defined, though the agent is instructed to use current repository evidence as the source of truth if contradictions occur.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 6, 2026, 05:19 AM
Security Audit — agent-trust-hub — maintaining-memory-md