agentmemory-hooks
Pass
Audited by Gen Agent Trust Hub on Jun 12, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Provides instructions to the user to execute plugin installation commands (`/plugin marketplace add rohitg00/agentmemory` and `/plugin install agentmemory`) which download and execute code from the marketplace provided by the author.
- [DATA_EXFILTRATION]: Automatically captures and records session-sensitive data, including user prompts and tool outputs, which are stored at a local endpoint (`http://localhost:3113`). While stored locally, this facilitates the aggregation of all agent activity.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests untrusted data from `UserPromptSubmit` and `PostToolUse` (tool outputs). These observations are stored and intended to be injected back into the LLM context (e.g., via `AGENTMEMORY_INJECT_CONTEXT`), which could lead to the agent following malicious instructions embedded in previous session data or tool responses.
  - Ingestion points: Captures data via `UserPromptSubmit` and `PostToolUse` lifecycle events (REFERENCE.md).
  - Boundary markers: None identified in the provided files to separate recorded data from instructions when re-injected.
  - Capability inventory: No direct subprocess or file-write capabilities are defined in these specific markdown files, though the plugin itself likely performs them.
  - Sanitization: No evidence of sanitization or filtering of the captured content before storage or re-injection.
Audit Metadata