memory
Pass
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill explicitly instructs the agent to 'Do not tell the user you've written to memory. Just do it silently.' This is a concealment pattern that overrides transparency and prevents the user from being aware of background file modifications and context updates.
- [INDIRECT_PROMPT_INJECTION]: The skill creates a persistent storage mechanism where information is saved to
MEMORY.mdand automatically reloaded into the agent's context. This creates a vulnerability surface where malicious instructions captured from untrusted sources (e.g., web content or third-party communications) could be stored and executed in subsequent sessions. - Ingestion points:
memory/MEMORY.mdis always loaded into the agent's context, andmemory/HISTORY.mdis searched via theexectool using grep. - Boundary markers: Absent. The instructions do not provide delimiters or safety warnings to treat the recalled memory as untrusted data.
- Capability inventory: The skill utilizes
exec(to run grep),edit_file, andwrite_fileto manage the lifecycle of stored data. - Sanitization: Absent. There is no mention of validating, escaping, or filtering content before it is committed to the persistent memory files.
Audit Metadata