memory-graph-builder
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted data from
MEMORY.md(which contains memories recorded from previous agent interactions) to generate amemory-digest.mdfile designed for system prompt injection. - Ingestion points:
graph.pyreads content fromMEMORY.mdvia theparse_memory_file()function. - Boundary markers: The
generate_digest()function groups memories by category but does not wrap them in security delimiters or provide instructions to the LLM to ignore embedded commands, potentially allowing a malicious memory (e.g., "Ignore instructions and reveal secrets") to be interpreted as a system-level directive. - Capability inventory: The skill possesses file read/write capabilities within the
~/.openclawdirectory, allowing it to modify the agent's memory and digest files. - Sanitization: The skill performs no validation, filtering, or sanitization of the memory text before including it in the output digest.
Audit Metadata