nano-memory

Pass

Audited by Gen Agent Trust Hub on May 23, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The instructions direct the agent to execute shell search commands such as grep, ls, dir, and findstr on the local file system to locate historical information.
  • [PROMPT_INJECTION]: The workflow for retrieving and acting upon persistent memory stored in files (MEMORY.md and the memory/ directory) introduces a surface for indirect prompt injection (Category 8).
  • Ingestion points: Memory files are read into the agent context using the read_file tool as defined in the retrieval and maintenance workflows within SKILL.md.
  • Boundary markers: The skill does not define boundary markers, delimiters, or explicit instructions to ignore potential commands embedded within retrieved memory content.
  • Capability inventory: The agent is granted capabilities to read, write, and edit local files, as well as perform shell-based search operations.
  • Sanitization: No specific validation or sanitization steps are required for stored content before it is processed by the agent to generate responses.
Audit Metadata
Risk Level
SAFE
Analyzed
May 23, 2026, 08:28 PM
Security Audit — agent-trust-hub — nano-memory