remember

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes the signet CLI tool to store data in a local daemon. As signet is a resource belonging to the vendor (Signet-AI), this is considered standard functionality. Evidence includes the command: signet remember "<content>" -w <agent-name>.
  • [SAFE]: The skill performs health checks on a local daemon via curl -s http://localhost:3850/health. This involves only local communication and is not associated with data exfiltration.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by capturing and storing user-provided content without sanitization.
      1. Ingestion points: Untrusted data enters the agent context through the <content> argument in SKILL.md.
      2. Boundary markers: None are present to delimit user content or instruct the agent to ignore embedded instructions.
      3. Capability inventory: The skill has the capability to execute shell commands via the signet CLI across its implementation.
      4. Sanitization: No sanitization or validation of the input content is performed before storage.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 9, 2026, 04:54 PM