memory-fabric
Pass
Audited by Gen Agent Trust Hub on May 26, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill ingests and processes data from a knowledge graph (mcp__memory__search_nodes), creating a vector for untrusted data to enter the agent's context.
- Ingestion points: Data is retrieved via graph search nodes as seen in SKILL.md and references/query-merging.md.
- Boundary markers: None identified. The instructions do not specify delimiters to isolate retrieved memory content from agent instructions.
- Capability inventory: The skill enables high-privilege tools such as Bash, which could be abused if retrieved data contains malicious instructions.
- Sanitization: No validation or escaping mechanisms are implemented for data retrieved from the knowledge graph.
Audit Metadata