manage-memory

Pass

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The integrity check in Step 6 uses a shell for loop to iterate over links extracted from MEMORY.md using grep. The extracted filenames are interpolated directly into an ls command without quoting or sanitization. If MEMORY.md contains a malicious link with shell metacharacters (e.g., [test](; rm -rf / ;)), the command could execute arbitrary shell code.
  • [PROMPT_INJECTION]: Indirect Prompt Injection surface detected (Category 8).
  • Ingestion points: Content is read from MEMORY.md and other topic files in the memory directory (SKILL.md, Step 6).
  • Boundary markers: None. Content extracted via regex is treated as trusted input for shell execution.
  • Capability inventory: Uses Bash for integrity checks and Write/Edit for file management.
  • Sanitization: Absent. Filenames extracted from markdown links are passed directly to the shell environment.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 13, 2026, 01:53 PM