memory-fabric

Pass

Audited by Gen Agent Trust Hub on May 26, 2026

Risk Level: SAFEPROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill ingests and processes data from a knowledge graph (mcp__memory__search_nodes), creating a vector for untrusted data to enter the agent's context.
  • Ingestion points: Data is retrieved via graph search nodes as seen in SKILL.md and references/query-merging.md.
  • Boundary markers: None identified. The instructions do not specify delimiters to isolate retrieved memory content from agent instructions.
  • Capability inventory: The skill enables high-privilege tools such as Bash, which could be abused if retrieved data contains malicious instructions.
  • Sanitization: No validation or escaping mechanisms are implemented for data retrieved from the knowledge graph.
Audit Metadata
Risk Level
SAFE
Analyzed
May 26, 2026, 11:09 AM
Security Audit — agent-trust-hub — memory-fabric