ac-memory-manager
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill implements a persistent memory system that stores arbitrary data, creating a surface for indirect prompt injection if the agent subsequently interprets retrieved memories as instructions.
  - Ingestion points: `scripts/memory_manager.py` (via the `store` and `retrieve` methods).
  - Boundary markers: Absent. Data is stored and retrieved as raw values without delimiters or instructions to ignore embedded commands.
  - Capability inventory: Local file system write access (`_save_memory`) to the `.claude/memory/` directory.
  - Sanitization: Absent. The skill serializes data directly to JSON without filtering for potential injection patterns.
- [Data Exposure & Exfiltration] (SAFE): The script manages data locally within the project directory (`.claude/memory`). No network calls (e.g., `requests`, `curl`) or access to sensitive system-level file paths (e.g., `~/.ssh`) were detected.
- [Unverifiable Dependencies] (SAFE): The implementation relies exclusively on the Python standard library. No external package managers or remote code execution patterns are present.
- [Command Execution] (SAFE): There are no uses of `os.system`, `subprocess`, or similar utilities that execute shell commands.
Audit Metadata