Skills
skills/catlog22/maestro-flow/manage-memory/Gen Agent Trust Hub

manage-memory

Pass

Audited by Gen Agent Trust Hub on Apr 17, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to perform grep operations across the memory stores. If the search query provided by a user is not properly sanitized before being passed to the shell, it could be leveraged for command injection.
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by reading and displaying contents from markdown files to the agent context.
  • Ingestion points: Files located in .workflow/memory/ and ~/.claude/projects/{project}/memory/ are accessed via the view, search, and list subcommands.
  • Boundary markers: Absent. The skill instructions do not specify the use of delimiters or warnings to the agent to disregard instructions found within the memory files.
  • Capability inventory: The agent has access to Bash, Write, Edit, Read, Glob, and Grep tools, which could be abused if the agent is subverted by malicious content in a memory file.
  • Sanitization: Absent. The skill displays "full content" of files without validation or escaping of the stored text.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 17, 2026, 01:12 AM