memory
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill manages files within ~/.claude/memory/ to store global context. While this path is specific to the tool's application data, accessing the user's home directory is a sensitive operation that requires monitoring for potential exposure.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the ingestion of external file content.
- Ingestion points: Memory files are read from the ~/.claude/memory/ directory and project-level memory folders.
- Boundary markers: The instructions do not provide delimiters or specific markers to ensure that embedded instructions within memory files are ignored by the agent.
- Capability inventory: The agent possesses file system capabilities including reading, writing, moving, and deleting markdown files across the managed paths.
- Sanitization: Content from external memory files is processed and updated without explicit sanitization or validation logic.
Audit Metadata