memory
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Uses Bash and awk scripts to extract sections from task management files and perform file operations like backups and template-based generation.
- [DATA_EXFILTRATION]: Accesses the ~/.claude-mem/settings.json configuration file to identify and integrate with local memory systems. This path is outside the project root and is used to detect the presence of specific memory management tools.
- [PROMPT_INJECTION]: Presents a surface for indirect prompt injection by processing external data from memory systems and user-controlled files without sanitization.
  - Ingestion points: Data retrieved from external Memory Control Protocol (MCP) tools (harness_mem, serena) and contents of project-level files like Plans.md.
  - Boundary markers: No delimiters or instructions are used to separate ingested content from system prompts in the documentation templates.
  - Capability inventory: Includes file system modification (Write, Edit), command execution (Bash), and interaction with memory toolsets.
  - Sanitization: No validation or escaping mechanisms are applied to the ingested data before it is incorporated into project files or the agent context.
Audit Metadata