memory-tasks
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFENO_CODEPROMPT_INJECTION
Full Analysis
- [NO_CODE]: The skill consists exclusively of markdown instructions and YAML schema definitions; no scripts or executable code are included in the skill package.
- [PROMPT_INJECTION]: The skill's architecture creates a surface for indirect prompt injection by processing untrusted or persistent task data as instructions.
- Ingestion points: Markdown notes stored in 'memory/tasks/' and accessed via 'search_notes' or 'memory_search'.
- Boundary markers: No delimiters or instructions to ignore embedded commands are specified for the 'Context' or 'Steps' sections of the task files.
- Capability inventory: File searching, reading, and writing; note schema validation and differentiation.
- Sanitization: No sanitization or content filtering is implemented for the data retrieved from task notes.
Audit Metadata