NYC

memory-system

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • PROMPT_INJECTION (LOW): The skill exposes an attack surface for Indirect Prompt Injection (Category 8).
      • Ingestion points: The skill reads and indexes Markdown files from the ./memory/ directory, which may contain untrusted content from external sources.
      • Boundary markers: The provided documentation mentions no explicit instructions or delimiters that would stop the agent from obeying instructions embedded in retrieved memory chunks.
      • Capability inventory: The agent can write to files (add), execute shell commands (python3), and query a database (search).
      • Sanitization: No sanitization or validation logic is specified for the content that is indexed or retrieved.
  • EXTERNAL_DOWNLOADS (LOW): The skill requires the installation of external dependencies and downloads pre-trained models.
      • Evidence: SKILL.md and requirements.txt specify the installation of sentence-transformers>=3.0 and numpy.
      • Context: While these are legitimate libraries from trusted ecosystems, sentence-transformers automatically downloads an 80MB embedding model from HuggingFace on first execution.
  • COMMAND_EXECUTION (SAFE): The skill relies on shell command execution to interface with its Python logic.
      • Evidence: SKILL.md provides templates for running python3 ~/.claude/skills/public/memory-system/scripts/memory.py with various subcommands.
      • Context: The commands are restricted to the local filesystem and to the intended functionality of the memory system. Note: the source code of memory.py itself was not included in the analyzed files.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:38 PM