inner-life-memory
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill requires the 'jq' binary and directs the user to execute an initialization script ('init.sh') from a prerequisite skill. These operations are used for JSON processing and environment setup within the vendor's ecosystem.
- [EXTERNAL_DOWNLOADS]: Instructions include the installation of prerequisite components using 'clawhub', a third-party installation tool, to fetch necessary resources from the vendor's repositories.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core memory extraction logic.
- Ingestion points: The skill reads untrusted user data from the 'memory/daily-notes/' and 'memory/diary/' directories.
- Boundary markers: No clear delimiters or instructions to ignore embedded behavioral overrides are provided for the reflection phase.
- Capability inventory: Processed data is written to critical state files like 'memory/inner-state.json' and 'memory/MEMORY.md' using 'jq' for transformation.
- Sanitization: The documentation does not specify any validation or sanitization steps to prevent malicious instructions in notes from being interpreted as legitimate memories or principles.
Audit Metadata