remind
Pass
Audited by Gen Agent Trust Hub on May 24, 2026
Risk Level: SAFE, PROMPT_INJECTION, NO_CODE
Full Analysis
- [NO_CODE]: The skill consists entirely of Markdown instructions and documentation for an external MCP server. It contains no executable scripts, binaries, or automated configuration routines.
- [PROMPT_INJECTION]: The skill provides an interface to ingest and process data from a user's workspace (via the `remindb` database), which constitutes an indirect prompt injection surface. This is a standard risk factor for retrieval-augmented generation tools.
  - Ingestion points: Tools such as `MemoryFetch`, `MemorySearch`, and `MemoryFetchBatch` are used to read content from the database and inject it into the agent's context.
  - Boundary markers: The instructions do not specify the use of delimiters (e.g., XML tags or unique tokens) or instructions to ignore embedded prompts within the retrieved content.
  - Capability inventory: The skill provides read-only access. Write operations are delegated to a separate `memoize` skill, which mitigates the risk of automated self-propagation or unauthorized data modification by this specific skill.
  - Sanitization: No evidence of input/output sanitization or validation of the retrieved content is present in the static instructions.
- [SAFE]: The skill includes a reference to documentation on GitHub (`github.com/radimsem/remindb`). This link belongs to the skill's author, is purely informational, and does not involve remote code execution or unauthorized downloads.
Audit Metadata