layered-recall
Pass
Audited by Gen Agent Trust Hub on Jun 22, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill defines a data ingestion architecture that represents an indirect prompt injection surface.\n
- Ingestion points: The skill describes loading context from multiple local file paths, including
~/.claude/projects/*/memory/*.md,thoughts/CONTEXT.md, andmature-instincts.json.\n - Boundary markers: The architecture lacks specifications for delimiters or instructions to the agent to disregard instructions embedded within the retrieved memory content.\n
- Capability inventory: The documentation mentions integration with functional tools such as
instinct-loader,smart-memory-recall,intent-classifier, andgraph-indexer.\n - Sanitization: There is no mention of sanitization or validation logic for the data ingested from the memory files before it is processed by the agent.
Audit Metadata