memory-management
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFE PROMPT_INJECTION DATA_EXFILTRATION
Full Analysis
- Indirect Prompt Injection Surface: The skill outlines a process for indexing data from potentially untrusted external sources such as chat history and emails. This creates a surface where malicious instructions embedded in those sources could influence the agent's behavior.
  - Ingestion points: SKILL.md (Bootstrapping section describes scanning chat, calendar, and email).
  - Boundary markers: Absent (Uses standard markdown tables and lists without specific delimiters to isolate untrusted content).
  - Capability inventory: File system read/write access for maintaining context files.
  - Sanitization: Absent (No explicit steps for validating or filtering external data before it is stored in memory).
- Data Handling Considerations: The skill facilitates the storage of sensitive organizational data, including personnel roles and project financial information, in local markdown files.
  - Evidence: SKILL.md includes templates for memory/people/ and memory/projects/ containing roles and budgets.
Audit Metadata