memory-ingest
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by design.
- Ingestion points: The skill's core function is to 'Read the pasted content' (meeting transcripts, conversation logs, and email threads) in Step 1.
- Boundary markers: The skill lacks explicit boundary markers or instructions to ignore embedded commands within the processed text, which could lead the LLM to obey malicious instructions hidden in the input.
- Capability inventory: The skill uses 'write_note' to create content and 'search_notes' to query existing data based on the untrusted input, which could be manipulated if an injection occurs.
- Sanitization: No sanitization or filtering is applied to the external content before it is processed or incorporated into the resulting notes.
Audit Metadata