memory-bank
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill creates an indirect prompt injection surface by instructing the agent to treat files in the .memory-bank/ directory as the 'only source of truth' for project context.
  - (1) Ingestion points: The agent reads all relevant files from the .memory-bank/ directory at the start of every task.
  - (2) Boundary markers: Absent; there are no instructions provided to distinguish between stored data and executable instructions.
  - (3) Capability inventory: The skill assumes the host agent has file-system access and potentially shell execution capabilities, which could be targeted via the memory files.
  - (4) Sanitization: Absent; the skill contains no mechanisms for validating, escaping, or filtering the content of the memory files before ingestion.
Audit Metadata