memory
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Prompt Injection (LOW): The skill is vulnerable to indirect prompt injection (Category 8).
- Ingestion points: Untrusted data enters the system through the `/memory add` command and the `memory.remember` API method, which accept arbitrary strings as 'value' or 'content'.
- Boundary markers: There are no delimiters or 'ignore instructions' warnings implemented when the skill retrieves and displays memories via `/memory search`, `/memory context`, or the `recall` API.
- Capability inventory: The skill's own code is limited to database operations (LanceDB, SQLite, Postgres) and does not include high-risk capabilities like arbitrary command execution or external network requests (except to the configured embedding provider).
- Sanitization: No sanitization or validation is performed on the content before it is stored or retrieved, allowing for the storage of malicious instructions that may be executed if the agent interprets the recalled memory as a command.
Audit Metadata