agent-memory
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill automatically adds the contents of
AGENTS.mdto the agent's context if the file exists in the repository root. This creates an indirect prompt injection surface where a malicious actor could place instructions in the file to influence the agent's actions.\n - Ingestion points:
AGENTS.mdfile in the repository root (referenced in SKILL.md).\n - Boundary markers: Absent. The instructions do not specify using delimiters or "ignore instructions" warnings for the imported content.\n
- Capability inventory: File system write access (creating or updating
AGENTS.md). No network access, subprocess calls, or exec/eval capabilities were found in the skill's instructions.\n - Sanitization: Absent. No sanitization or validation of content read from
AGENTS.mdis performed before it is added to the agent's context.
Audit Metadata