memory
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to execute telclaude CLI commands for reading and writing persistent memory entries as described in SKILL.md.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface. 1. Ingestion points: Untrusted user data is ingested from conversations and saved via memory write commands in SKILL.md. 2. Boundary markers: Absent; stored categories such as profile and interests are automatically injected into the system prompt without protective delimiters. 3. Capability inventory: The agent has access to the Bash tool for command execution. 4. Sanitization: The skill mentions automatic rejection of secrets and tokens but lacks sanitization for embedded instructions or control characters.
Audit Metadata