memory-palace
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill maintains a persistent store of decisions and discoveries which it re-injects into the agent's context, creating an indirect prompt injection surface.
  - Ingestion points: Data is captured from session conversations via the palace-auto-save hook.
  - Boundary markers: The documentation does not specify the use of delimiters or 'ignore embedded instructions' warnings for re-injected memories.
  - Capability inventory: The skill utilizes file system read/write operations to manage JSONL files in the ~/.claude/palace/ directory.
  - Sanitization: There is no mention of sanitization, filtering, or validation of stored content before it is re-introduced into the agent's context.
Audit Metadata