remember
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a co-located bash script 'context-path.sh' to determine file paths based on Git branch information and to create necessary directories.
- Evidence: execution of 'bash /context-path.sh --ensure-dir' in SKILL.md.
- [PROMPT_INJECTION]: The skill ingests conversational history to extract and persist project-wide learnings, which introduces a surface for indirect prompt injection.
- Ingestion points: conversational data processed in the 'Project Memory Path' section of SKILL.md.
- Boundary markers: extracted content is formatted using markdown templates but lacks strict delimiters to isolate external data from instructions.
- Capability inventory: file-writing capabilities through the Edit tool and subprocess execution of local scripts.
- Sanitization: the skill implements an interactive validation step requiring user approval for each memory candidate before it is written to the filesystem.
Audit Metadata