promote
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses local shell commands like `grep` and `sed` to interact with the filesystem. These commands are used to locate and manage the agent's internal memory files within the user's home directory.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface because it processes `MEMORY.md`, which contains historical data that could be influenced by external inputs in previous sessions.
  - Ingestion points: Reads from `MEMORY.md` in Step 2.
  - Boundary markers: The skill includes a manual confirmation step where the user must verify the pattern found in memory before it is processed.
  - Capability inventory: The skill has the ability to read and write to local configuration files (`CLAUDE.md`, `.claude/rules/`) and delete entries from `MEMORY.md` via shell commands.
  - Sanitization: The distillation process in Step 4 acts as a logical filter, and the final confirmation step in Step 7 ensures the user reviews the final instruction before it is permanently enforced.
Audit Metadata