memory-manager
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Data Exposure & Exfiltration] (SAFE): The skill reads and writes data to a local
.claude/memorydirectory. There are no network operations, hardcoded credentials, or access to sensitive system paths (e.g., ~/.ssh or ~/.aws). - [Unverifiable Dependencies & Remote Code Execution] (SAFE): No external Python or Node.js packages are required. The scripts use only the Python standard library, and no remote code downloads or executions were detected.
- [Indirect Prompt Injection] (LOW): The skill provides a surface for indirect prompt injection by storing untrusted error messages and solutions from the environment.
- Ingestion points: Untrusted data enters via the
errorandsolutionparameters inscripts/causal_memory.pyandscripts/memory_manager.py. - Boundary markers: No delimiters or 'ignore embedded instructions' warnings are present in the stored data.
- Capability inventory: The skill's capabilities are limited to local file read/write operations within the project directory; it lacks network access, subprocess execution, or eval/exec functionality.
- Sanitization:
normalize_errorperforms basic sanitization by removing file paths and UUIDs, but does not filter for instructional content.
Audit Metadata