managing-memory
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to verify the local environment, create configuration directories, and write API credentials to `~/.config/brain-jar/config.json`.
- [COMMAND_EXECUTION]: It executes a background Node.js process using a wildcard file path (`~/.claude/plugins/cache/brain-jar/shared-memory/*/run.js`) to initialize the memory MCP server.
- [PROMPT_INJECTION]: The skill facilitates the retrieval of stored memories which are then integrated into the agent's context, creating an indirect prompt injection surface.
  - Ingestion points: Memories are ingested via the `mcp__shared-memory__search_memory` and `mcp__shared-memory__list_memories` tools.
  - Boundary markers: The skill does not define or enforce the use of delimiters to distinguish between trusted instructions and retrieved memory content.
  - Capability inventory: The agent has access to powerful tools including `Bash` and memory modification tools, which could be targeted by instructions hidden in stored memories.
  - Sanitization: There are no instructions for sanitizing or validating memory content before it is processed by the main agent or the Haiku sub-agent.
Audit Metadata