context-management
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCREDENTIALS_UNSAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [CREDENTIALS_UNSAFE] (HIGH): The 'memory-management.md' file explicitly lists 'API endpoints and credentials' as key information types to preserve within the knowledge graph. Recommending the storage of secrets in plain text within a persistent memory system is a significant security flaw that leads to credential exposure.
- [PROMPT_INJECTION] (HIGH): This skill has a high-risk Indirect Prompt Injection surface because it ingests untrusted data into a persistent state. 1. Ingestion points: Data is captured from conversations, external documents, and user preferences (SKILL.md, memory-management.md). 2. Boundary markers: None are defined to separate untrusted content from system instructions. 3. Capability inventory: The skill uses MCP memory tools (mcp__memory__*) to modify persistent knowledge graph state. 4. Sanitization: No escaping or validation is applied. This allows malicious instructions in external content to be stored as 'observations' or 'decisions' that can compromise the agent's behavior in future sessions.
- [COMMAND_EXECUTION] (LOW): The 'references/patterns.md' file suggests a coordination pattern where agents write artifacts to the '/tmp' directory. Since '/tmp' is often world-readable, this presents a risk of local information disclosure or race conditions on shared systems.
Recommendations
- AI detected serious security threats
Audit Metadata