nano-memory
Pass
Audited by Gen Agent Trust Hub on May 23, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The instructions direct the agent to execute shell search commands such as
grep,ls,dir, andfindstron the local file system to locate historical information. - [PROMPT_INJECTION]: The workflow for retrieving and acting upon persistent memory stored in files (
MEMORY.mdand thememory/directory) introduces a surface for indirect prompt injection (Category 8). - Ingestion points: Memory files are read into the agent context using the
read_filetool as defined in the retrieval and maintenance workflows withinSKILL.md. - Boundary markers: The skill does not define boundary markers, delimiters, or explicit instructions to ignore potential commands embedded within retrieved memory content.
- Capability inventory: The agent is granted capabilities to read, write, and edit local files, as well as perform shell-based search operations.
- Sanitization: No specific validation or sanitization steps are required for stored content before it is processed by the agent to generate responses.
Audit Metadata