memory-system
Pass
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Attack Surface. The skill provides a mechanism for the agent to ingest and act upon data stored in local files, which could potentially contain malicious instructions if the file contents are influenced by untrusted external sources.
- Ingestion points: Information is retrieved from `.agent/memory/MEMORY.md` and various Markdown topic files within the same directory.
- Boundary markers: The skill does not define explicit delimiters or instructions to ignore nested prompts within the memory files.
- Capability inventory: The skill utilizes the Read, Write, Grep, and Glob tools for file operations.
- Sanitization: The instructions do not specify any sanitization or validation routines for the data being stored or recalled from the memory system.
- [SAFE]: Credential Handling. The skill includes a 'What NOT to Save' section that clearly prohibits the storage of secrets, tokens, passwords, and private keys, effectively mitigating the risk of credential exposure.
Audit Metadata