skills/signet-ai/signetai/recall/Gen Agent Trust Hub

recall

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands using the signet CLI tool (signet recall, signet status, signet daemon start) to interact with the local memory system. It also uses curl to perform health checks against a local service at http://localhost:3850/health. These operations are consistent with the skill's purpose of managing a local memory database.
  • [DATA_EXPOSURE]: The skill instructions specify access to files in the ~/.agents/ directory, including config.yaml, AGENT.yaml, and MEMORY.md. These paths are used for storing and configuring the agent's persistent memory and do not involve sensitive system credentials or exfiltration to external domains.
  • [INDIRECT_PROMPT_INJECTION]:
      • Ingestion points: The output from the signet recall command is directly incorporated into the agent's context in SKILL.md.
      • Boundary markers: The skill uses a specific display format (e.g., [score|source] content [tags]) to structure the results, which provides some separation but does not explicitly sanitize the content for embedded instructions.
      • Capability inventory: The skill has the capability to execute shell commands (signet, curl) and read local files (SKILL.md).
      • Sanitization: There is no evidence of automated sanitization or filtering of the retrieved memory content before it is displayed to the user or processed by the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 9, 2026, 04:53 PM