memory-metadata-search
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill consists entirely of markdown documentation describing the
search_notestool. No executable scripts, subprocess calls, or network operations are present. - [INDIRECT_PROMPT_INJECTION]: The skill outlines a system that processes metadata fields from notes, which is an ingestion surface for untrusted data. 1. Ingestion points: Note frontmatter fields are ingested via the
search_notestool (as described in SKILL.md). 2. Boundary markers: No specific boundary markers or instructions to ignore instructions within metadata are provided. 3. Capability inventory: The skill only referencessearch_notes, which is a retrieval-based tool. 4. Sanitization: The documentation specifies validation logic, including a regular expression[A-Za-z0-9_-]+for keys and strict operator requirements, which mitigates basic injection attempts.
Audit Metadata