remember
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill enables indirect prompt injection by persisting unvalidated user input to a MEMORY.md file that the agent reads as context in every session.\n
- Ingestion points: User-provided text via the /si:remember command.\n
- Boundary markers: None are applied; input is stored as a standard markdown list item.\n
- Capability inventory: Reading and writing to local persistence files in the agent's project directory.\n
- Sanitization: No escaping or validation is performed on the user-supplied knowledge.\n- [COMMAND_EXECUTION]: The skill uses local shell commands (grep, sed, pwd) to dynamically construct project-specific paths and check for duplicate memory entries.
Audit Metadata