agentmemory-hooks

Pass

Audited by Gen Agent Trust Hub on Jun 12, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Provides instructions to the user to execute plugin installation commands (/plugin marketplace add rohitg00/agentmemory and /plugin install agentmemory) which download and execute code from the marketplace provided by the author.
  • [DATA_EXFILTRATION]: Automatically captures and records session-sensitive data, including user prompts and tool outputs, which are stored at a local endpoint (http://localhost:3113). While stored locally, this facilitates the aggregation of all agent activity.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests untrusted data from UserPromptSubmit and PostToolUse (tool outputs). These observations are stored and intended to be injected back into the LLM context (e.g., via AGENTMEMORY_INJECT_CONTEXT), which could lead to the agent following malicious instructions embedded in previous session data or tool responses.
  • Ingestion points: Captures data via UserPromptSubmit and PostToolUse lifecycle events (REFERENCE.md).
  • Boundary markers: None identified in the provided files to separate recorded data from instructions when re-injected.
  • Capability inventory: No direct subprocess or file-write capabilities are defined in these specific markdown files, though the plugin itself likely performs them.
  • Sanitization: No evidence of sanitization or filtering of the captured content before storage or re-injection.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 12, 2026, 07:38 PM
Security Audit — agent-trust-hub — agentmemory-hooks